Using Web Password Filler with Microsoft Online Services

In this section, you'll learn how to use the Secret Server Web Password Filler (WPF) browser extension to log in to Microsoft Online. When you launch Microsoft Online secrets with WPF, you'll need to perform some additional configuration. This section explains the issue you'll encounter and suggests remedies you can implement.

This version of WPF is available in Secret Server release 10.7.59 and later. These instructions assume you have WPF installed correctly and are connected to Secret Server. If you're using WPF with Microsoft Online for the first time, we recommend you test your installation on another site first.

Identifying the Problem

When you try to open a Microsoft Online secret with WPF, you might encounter one of two error messages. You may see the first: "AADSTS900561: The endpoint only accepts POST requests. Received GET request."

Or you may see the second: "AADSTS900144: The request body must contain the following parameter: 'client_id'."

These errors don't explain the real problem. However, you're facing a simple issue with an easy solution that you can implement on your own.

Understanding the Issue

Normally, WPF captures the URL of the website you are on when it creates a secret. It stores this URL (and other data) for logging into that website. This is very convenient and usually works great. Unfortunately, with Microsoft Online, when you try to log in with that secret, you get an error. This occurs because the login URL initially stored in the secret points to a redirected page that no longer exists. Fortunately, WPF uses the URL stored in the secret, so once you update that URL, you never have to do it again.

Web Password Filler initially stores this errant URL:

https://login.microsoftonline.com/common/oauth2/authorize

You need to replace it with the permanent (real) URL:

https://login.microsoftonline.com

To fix this issue, you must ensure that the secret stores the permanent URL instead of the original one.

Choose between these two methods to update the URL:

  • Before Saving the WPF Secret: You can change the URL when WPF initially stores it, right from WPF, before saving the secret. You can use this method if you create a new WPF secret using the WPF Add Secret button or the browser's context (right-click) menu.
  • After Saving the WPF Secret: You need to change the URL after you've stored the WPF secret in Secret Server. You must use this method if you've already saved the WPF secret in Secret Server with the one-time redirected URL. This situation can occur if an earlier WPF version created the WPF secret, or if you created the secret using the automatic secret creation feature, which captures the one-time redirected URL instead of the permanent one.

Fixing the Issue When Creating the WPF Secret

Before you begin, read these instructions in their entirety.

If you have not created the secret yet, complete the following steps:

  1. Go to the Microsoft Online log-on page (if you already have an account and login) or the log-on setup page (if you are setting up a new login).

  2. Follow the Creating Secrets procedure.

  3. When you get to the second 'Add Account to Secret Server' pop-up, you see the website URL that WPF inferred, which is incorrect. WPF also inferred the secret name; you can leave it as is or change it to whatever you like.

  4. Delete all the text after '.com' in the URL text box. Your URL should look like this: https://login.microsoftonline.com

  5. Return to and complete the rest of the instructions for the Creating Secrets procedure.

Fixing the Issue After Having Saved the WPF Secret

  1. Log in to Secret Server.

  2. Navigate to the WPF secret for that Microsoft Online site. It is most likely named login.microsoftonline.com, which is the inferred name from WPF.

  3. On the General tab for the secret, click the Edit link next to the URL text box.

  4. Delete all the text after '.com' in the URL text box. Your URL should look like this: https://login.microsoftonline.com

  5. Click Save.

  6. Log out of Secret Server.

  7. Return to Microsoft Online to test the secret. You will need to log in again.
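
If many WPF secrets were created before this fix was known, the check below finds the ones that still hold the redirected URL and shows the value to enter in the URL text box. It is an added example, not Secret Server or WPF code; it assumes a CSV listing of secrets with hypothetical column names "Secret Name" and "URL", and the sample rows are constructed.

```python
import csv
import io
from urllib.parse import urlsplit

MS_LOGIN_HOST = "login.microsoftonline.com"
PERMANENT_URL = "https://login.microsoftonline.com"


def permanent_url(stored_url):
    """Return the URL the secret should hold, or None if no edit is needed."""
    stored_url = stored_url.strip()
    parts = urlsplit(stored_url)
    # Compare the parsed hostname exactly. A substring test would also match
    # other hosts that merely contain the string, and those secrets must not
    # be rewritten to point at Microsoft Online.
    if parts.scheme != "https" or parts.hostname != MS_LOGIN_HOST:
        return None
    # Everything after ".com" is what WPF captured from the redirect.
    if stored_url == PERMANENT_URL:
        return None
    return PERMANENT_URL


def secrets_to_fix(export_text):
    """Return (secret name, stored URL, corrected URL) for rows needing the edit."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        fixed = permanent_url(row["URL"])
        if fixed is not None:
            findings.append((row["Secret Name"], row["URL"], fixed))
    return findings


# Constructed sample listing; the column names are assumptions.
SAMPLE_EXPORT = """Secret Name,URL
login.microsoftonline.com,https://login.microsoftonline.com/common/oauth2/authorize
M365 admin,https://login.microsoftonline.com
Old tenant,https://LOGIN.microsoftonline.com/common/oauth2/authorize?client_id=abc
Lookalike,https://login.microsoftonline.com.example.net/common/oauth2/authorize
Intranet,https://intranet.example.com/login
"""

if __name__ == "__main__":
    for name, old, new in secrets_to_fix(SAMPLE_EXPORT):
        print(f"{name}: {old} -> {new}")
```

Secrets the check reports still need the edit described in the steps above; the script only lists them and changes nothing in Secret Server.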