I am having an intermittent issue with a vendor retrieving a token from an Azure AD app registration

Sean P. Huff 21 Reputation points
2022-06-30T16:09:40.71+00:00

I am having an intermittent issue with a vendor retrieving a token from an Azure AD app registration. How can I start troubleshooting this issue? I'm not sure where to start.

Microsoft Entra ID

Accepted answer
  1. Sandeep G-MSFT 20,721 Reputation points Microsoft Employee
    2022-07-01T14:22:39.653+00:00

    @Sean P. Huff

    Thank you for reaching out to us. As per your query, authentication is failing intermittently while trying to access one of the applications registered in Azure AD App registrations.

    First, you will have to capture a Fiddler trace while reproducing the issue, so that we can check where exactly it is failing in the authentication flow.
    The Fiddler tool shows us the entire flow between the application and Azure AD. This will also help us identify whether the issue is with Azure AD or with the application.

    As per your query, you have mentioned that your vendor is not retrieving the token from Azure AD. We will have to check first whether the application sent the request to Azure AD. If yes, then which Azure endpoint the application sent the token request to.

    All of the above can be identified using the Fiddler tool. Below are the steps to capture a Fiddler trace:

    Steps to capture a Fiddler trace

    • Download Fiddler from the link: http://www.telerik.com/download/fiddler/fiddler4
    • Click on Tools >> Fiddler Options
    • Click on the HTTPS tab and put a check mark on "Decrypt HTTPS traffic".
    • Access the application and confirm that HTTPS traffic is getting captured.
    • Keep Fiddler on until you get an error while trying to access the application.
    • Stop the Fiddler trace by clicking on File >> Capture Traffic

    Since you also mentioned that the issue is intermittent, you will have to check which error you get and on what page you get it.
    Also, you can check the sign-in log in Azure AD for the user to check whether the request reached Azure AD. If there are no sign-in logs in Azure AD, then the issue is with the application, since the request has not reached Azure AD for authentication.

    Let me know if you have any further questions regarding this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


2 additional answers

  1. Sandeep G-MSFT 20,721 Reputation points Microsoft Employee
    2022-07-04T04:10:06.693+00:00

    @Sean P. Huff
    Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.


  2. Sean P. Huff 21 Reputation points
    2022-07-05T16:44:53.957+00:00

    For anyone looking for diagnostic data with an Azure AD app registration, you can find sign-in data through the Azure AD "Sign-in logs" menu. In our tenant I had to select the new preview view. Once selected, you can show results for "Service principal sign-ins" via a menu option under the Date and filter buttons. The service principal name or service principal ID column can be filtered by copying the data from the app registration overview screen.

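Once the service principal sign-ins described in the accepted answer and the reply above have been exported (for example as JSON from the portal or from the Microsoft Graph signIns endpoint), a short script can separate the three cases the thread distinguishes: no entries at all (the request never reached Azure AD), consistent failures, and intermittent failures, and for the intermittent case show which error codes and which vendor source IPs are involved. This is an added example, not code from the thread; the sign-in entries, IDs and IPs are constructed placeholders and `sp-vendor-0001` stands in for the real service principal object ID.

```python
from collections import Counter

# Constructed sample entries shaped like Microsoft Graph signIn objects, trimmed to the
# fields used here. The IDs, IPs and timestamps are placeholders, not real tenant data.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2022-07-01T10:00:03Z", "servicePrincipalId": "sp-vendor-0001",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2022-07-01T10:05:41Z", "servicePrincipalId": "sp-vendor-0001",
     "ipAddress": "203.0.113.11", "status": {"errorCode": 7000215}},  # invalid client secret
    {"createdDateTime": "2022-07-01T10:10:12Z", "servicePrincipalId": "sp-vendor-0001",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2022-07-01T10:15:57Z", "servicePrincipalId": "sp-vendor-0001",
     "ipAddress": "203.0.113.11", "status": {"errorCode": 7000215}},
    {"createdDateTime": "2022-07-01T11:00:00Z", "servicePrincipalId": "sp-other-0002",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
]


def service_principal_signins(records, sp_id):
    """Keep only the entries for one service principal (filter on its object ID)."""
    return [r for r in records if r.get("servicePrincipalId") == sp_id]


def triage(records, sp_id):
    """Classify one service principal's token-request history.
    no entries     -> requests never reached Azure AD; look at the client / network side
    only failures  -> consistent misconfiguration (for example a wrong or expired secret)
    mixed results  -> intermittent; report the error codes and which source IPs fail
    """
    entries = service_principal_signins(records, sp_id)
    if not entries:
        return {"verdict": "no_requests_reached_azure_ad", "total": 0}
    failures = [r for r in entries if r["status"]["errorCode"] != 0]
    successes = [r for r in entries if r["status"]["errorCode"] == 0]
    if not failures:
        verdict = "all_succeeded"
    elif not successes:
        verdict = "consistent_failure"
    else:
        verdict = "intermittent_failure"
    return {
        "verdict": verdict,
        "total": len(entries),
        "successes": len(successes),
        "failures": len(failures),
        # AADSTS error code -> count; each code maps to a documented cause
        "error_codes": dict(Counter(r["status"]["errorCode"] for r in failures)),
        # a source IP that only fails while others succeed points at that vendor host
        "failing_ips": sorted({r["ipAddress"] for r in failures}),
        "succeeding_ips": sorted({r["ipAddress"] for r in successes}),
    }
```

Run `triage(SAMPLE_SIGNINS, "sp-vendor-0001")` to see the intermittent case, where every failure comes from one source IP while the other vendor host succeeds.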
