We're trying to authenticate one of our customers using an application we have and registered in Azure AD. However the customer gets this error upon executing the authentication request:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS50000: There was an error issuing a token. AADSTS65005: The application needs access to a service that your organization
<name_of_company>has not subscribed to. Please contact your Administrator to review the configuration of your service subscriptions.
Trace ID: e8746b39-33c6-4a4c-8608-906613fe73a9
Correlation ID: 14618bd8-b58e-4301-a269-510ff22cb600
Timestamp: 2016-12-20 13:07:46Z
Our method of authentication is basically this:
AuthenticationContext commonAuthContext = new AuthenticationContext("https://login.microsoftonline.com/common");
AuthenticationResult result = await commonAuthContext.AcquireTokenAsync("https://management.core.windows.net/",
_clientId, _replyUrl,
new PlatformParameters(PromptBehavior.Always));
Our AAD application is in microsoft.com directory and is called:
cisnativeinstaller [wsfed enabled]
Thanks Jeff
When we develop an app which required the subscription service like Office 365 Exchange Online. This is error would occur when the users who doesn't have the subscription for it try to grant the consent to the app.
To fix this issue, the users need to be assign the corresponding licence before they can grant the consent for the app.
Or you may develop multi-tier applications, in this scenario, we need to add the client app to service app knownClientApplications. Refer links below about this scenario:
How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern( Consent and multi-tier applications section)