How to troubleshoot the default app registration for AAD logins that does not work and displays Orchestrator error #200 and also in the logs unsupported_response_type is displayed?
In order to enable AAD logins, an App registration needs to be set up in Azure and the configuration in the Orchestrator needs to be populated with the AAD info. However the default app registration does not work, and following behavior is noticed:
- when trying to log in with AAD error #200 is displayed
- in the logs unsupported_response_type is displayed.
When creating the App Registration in Azure for AAD logins, two modifications must be made to the manifest by logging in to Azure/ Opening the Azure AD blade/ selecting the App registration/ opening the Manifest blade:
- In Line 24 "oauth2AllowIdTokenImplicitFlow" has to be set to: true
- In line 55 "signInUrl" needs to be populated with your Orchestrator URL as in line 39
It has been observed that occasionally the Orchestrator URLs in lines 39 and 55 have trailing slashes and that can cause a problem, so it is advisable to have the trailing slashes removed.