Black bit sso login issue on pimcore 10.6 #11

Open
Thejaswini-Rao-U opened this issue Jul 16, 2024 · 7 comments

@Thejaswini-Rao-U

Hi Team

I have installed black bit on Pimcore 10.6.9, but I am getting the error attached below.

ssoLoginUrl

Please let me know how I can solve it.

Thanks in advance
Thejaswini

@Thejaswini-Rao-U
Author

Hi Team,

Any solution?

@BlackbitDevs
Collaborator

Hi @Thejaswini-Rao-U,

have you followed the instructions for SSO with Azure AD / Entra ID:
To use Azure AD as authentication provider, you have to create a new Azure AD app:

  1. Log in to your Azure account and navigate to Azure Active Directory > App registrations.
  2. Select + New registration to create a new app.
  3. Enter a name of your choice in the Name field.
  4. Set Redirect URI to https://your-pimcore.com/sso/redirect - please replace the domain name with your real one.
  5. Click Register.
  6. Copy the Application (client) ID from the app configuration page and paste it in the Pimcore SSO configuration's field Client ID.
  7. Navigate to the app’s configuration page. If you just completed the previous step, you should already be on this page. Otherwise, search for your app name in the App registrations list.
  8. Select Certificates & secrets.
  9. Select + New client secret. Provide a description and an expiration length that follows your security organization’s guidelines. Then click Add.
  10. Copy the newly-created client secret and paste it in the Pimcore SSO configuration's field Client Secret.
  11. In Pimcore SSO configuration, as Discovery URL enter https://login.microsoftonline.com/[TENANT]/.well-known/openid-configuration - please replace [TENANT] with your tenant id.
  12. In Pimcore SSO configuration, as Scopes use openid, profile, email
  13. In user field mappings assign:

      | Pimcore field    | Azure AD field |
      |------------------|----------------|
      | Username / login | unique_name    |
      | Given name       | given_name     |
      | Family name      | family_name    |
      | Email            | unique_name    |
      | Groups / Roles   | groups         |

I am not 100% sure what a "reply address" is. Please check the Redirect URI of your app in Azure AD / Entra ID. If it really needs a reply email address somewhere, please enter something.

@Thejaswini-Rao-U
Author

Thejaswini-Rao-U commented Jul 19, 2024

@BlackbitDevs, thanks for the response.
App registration I need to check with my client. What I have done is, in the configuration, we have added client ID, secret token, URL and user/email ID.

After the configuration is done, when I log out and log in, it shows the button, and clicking on the button it asks for the email ID and password for the login. Then, on the page after the password, it asks for a permission request; when I accept, it redirects to the above error page, which is attached in the screenshot.

@Thejaswini-Rao-U
Author

Hi Team,

Now the client has given a different secret key, and when I'm trying to log in with their ID it gives a different error, shown below.

response

@Thejaswini-Rao-U
Author

Thejaswini-Rao-U commented Jul 26, 2024

@BlackbitDevs, I have configured the fields below in Pimcore:

Username / login - email id
Given name - given_name
Family name - family_name
Email - unique_name
Groups / Roles - groups

Is this correct? Only for the username I have mentioned the client email, which we are going to use for the redirect URL login.
Please confirm if I'm missing anything in the configuration, because I'm facing the same issue after configuring all the details correctly.

Screenshot from 2024-07-26 12-08-19

@Thejaswini-Rao-U
Author

Any update?

@BlackbitDevs
Collaborator

@Thejaswini-Rao-U According to https://stackoverflow.com/a/66275320 the redirect URL in your Azure AD / Entra app is wrong. Please set this to https://<your Pimcore domain>/sso/redirect, so if your Pimcore is running on https://example.org, set the redirect URL in the Entra app to https://example.org/sso/redirect
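
A way to check the redirect URL advice above before changing the Entra app, as an added example that is not part of the thread or the bundle's code: OpenID Connect compares the `redirect_uri` sent in the authorization request with the registered value by exact string match, so this script extracts the sent value from the login URL in the browser's address bar and names what differs. The function names, the `idp.example` host and the sample URL are constructed for illustration; only the `/sso/redirect` path comes from the thread.

```python
from urllib.parse import urlsplit, parse_qs

SSO_REDIRECT_PATH = "/sso/redirect"  # path given in the thread

# Constructed sample: an authorization URL as copied from the address bar.
SAMPLE_AUTHORIZE_URL = (
    "https://idp.example/authorize?client_id=CLIENT-ID-PLACEHOLDER"
    "&response_type=code&scope=openid+profile+email"
    "&redirect_uri=http%3A%2F%2Fexample.org%2Fsso%2Fredirect%2F"
)

def expected_redirect_uri(pimcore_base_url):
    """Build the value to register in the Entra app for a Pimcore base URL."""
    parts = urlsplit(pimcore_base_url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("base URL must look like https://example.org")
    return f"{parts.scheme}://{parts.netloc}{SSO_REDIRECT_PATH}"

def sent_redirect_uri(authorize_url):
    """Return the decoded redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def diagnose(registered, sent):
    """List why two redirect URIs fail an exact string comparison."""
    if registered == sent:
        return []
    r, s = urlsplit(registered), urlsplit(sent)
    problems = []
    if r.scheme != s.scheme:
        problems.append("scheme")
    if r.netloc != s.netloc:
        problems.append("host")
    if r.path.rstrip("/") != s.path.rstrip("/"):
        same_letters = r.path.rstrip("/").lower() == s.path.rstrip("/").lower()
        problems.append("path-case" if same_letters else "path")
    elif r.path != s.path:
        problems.append("trailing-slash")
    if (r.query, r.fragment) != (s.query, s.fragment):
        problems.append("query-or-fragment")
    return problems

if __name__ == "__main__":
    registered = expected_redirect_uri("https://example.org")
    sent = sent_redirect_uri(SAMPLE_AUTHORIZE_URL)
    print(registered, sent, diagnose(registered, sent))
```
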
