Microsoft-authentication-library-for-dotnet: Issue with redirectUri

Created on 15 Apr 2020 · 7 Comments · Source: AzureAD/microsoft-authentication-library-for-dotnet

In an exceptional situation we noticed that during a login session with MSAL/MS Authenticator/Azure AD/ADFS, we got redirected to our general company landing page instead of being redirected to the app on the device.
We have no idea what is happening in the chain. Might there be a situation that the redirectUri gets lost in the interactions anywhere?

bug external

All 7 comments

Hi @harmjonker - MSAL does not control the content of the browser / Authenticator, so it is possible that you have hit a service bug. It would be good if we could get some logs to understand if the SDK is at fault at all.

Otherwise, you need to capture a correlation id and start a support case with AAD to drill deeper.

Logging and correlation IDs are described here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/logging

We have found the pattern in the behavior. Our ADFS enforces a second factor login with TOTP. When one does not respond fast enough and has to go through a resend of the notification, then confirms the 2Factor, then the ADFS redirects to the general company landing page.

Sounds like a bug in ADFS. @jmprieur - who can we contact to confirm?

Yes, I agree with you. I will have it investigated by our ADFS service provider (KPN). I have no idea whether this is a local configuration issue or a generic ADFS issue. By the way, we are on ADFS 2012 and are migrating to ADFS 2016 soon.

@harmjonker : do you have an update?

We discovered the pattern, and this issue has been resolved by KPN in our ADFS deployment. When not responding fast enough to the 2F challenge, the wrong retry screen was displayed, where state (along with the redirect URI) was lost. This has been fixed by KPN, and slow responses to the 2F challenge are handled correctly now.

Thank you for following up @harmjonker
