Receiving Error AADSTS50058 in JavaScript Setting

Introduction

This post reviews why a user may receive the error AADSTS50058 in a JavaScript setting.

The full error that is shown is:

AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).

We will review why this issue may occur and some possible resolutions to prevent this error from occurring again.

Reason for AADSTS50058

The error occurs because a silent sign-in request is sent to the login.microsoftonline.com endpoint, but the AADSSO cookie isn't detected. This cookie determines whether the user is logged in. Silent sign-in is only meant to be used if the user is already known to be logged in or has a refresh token to exchange for a new access token.

Checking the KMSI (Keep me signed in) box the first time you log in adds the KMSI cookie, which lets you refresh your access token so that users won't receive this error for a longer period of time.

Possible Resolution #1 Proactively Check for Expiration

You can attempt to prevent this error from ever occurring by checking whether you have a valid ID token. If your ID token is not valid, ask the user to log in again. You can check whether the ID token is valid by getting the token with AuthenticationContext.getCachedToken(clientID) and then checking the expiration in the JWT.

Possible Resolution #2 Catching the Error and Asking the User to Login Again

To resolve this error, catch it in a callback that you pass into the ADAL JS acquireToken function. If the AADSTS50058 error occurs, ask the user to log in again.
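
The following is an added example, not code from the original post or from the ADAL JS project: it combines Resolution #1 and Resolution #2, checking the cached ID token's exp claim before the silent call and falling back to login() when the acquireToken callback reports AADSTS50058. The helper names are hypothetical, and it assumes authContext is an ADAL JS AuthenticationContext whose acquireToken callback receives (errorDesc, token, error).

```javascript
// Added example: decodeJwtPayload, idTokenExpired, isSilentSignInFailure and
// getTokenOrLogin are hypothetical helper names, not part of ADAL JS.

// Decode the payload (second segment) of a JWT without verifying it.
// This is only a freshness hint for the client; the API that receives the
// token must still validate its signature, issuer and audience.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(atob(b64));
}

// Resolution #1: a missing, malformed or nearly expired token counts as expired.
function idTokenExpired(jwt, nowMs = Date.now(), skewSec = 300) {
  if (!jwt) return true;
  try {
    const { exp } = decodeJwtPayload(jwt);
    return typeof exp !== 'number' || exp - skewSec <= Math.floor(nowMs / 1000);
  } catch (e) {
    return true;
  }
}

// Resolution #2: recognise the silent sign-in failure in the callback arguments.
function isSilentSignInFailure(errorDesc, error) {
  return /AADSTS50058/.test(`${errorDesc || ''} ${error || ''}`);
}

// resource is the target resource ID; onToken receives (err, token).
function getTokenOrLogin(authContext, resource, onToken) {
  if (idTokenExpired(authContext.getCachedToken(authContext.config.clientId))) {
    authContext.login(); // no usable ID token: interactive sign-in
    return;
  }
  authContext.acquireToken(resource, (errorDesc, token, error) => {
    if (isSilentSignInFailure(errorDesc, error)) {
      authContext.login(); // session cookie was not sent: sign in again
    } else if (errorDesc || error) {
      onToken(new Error(errorDesc || error));
    } else {
      onToken(null, token);
    }
  });
}
```

The skewSec margin of 300 seconds is an assumed value that sends the user to sign in slightly before the token actually expires.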

Some users may experience this issue because a browser extension is blocking cookies for tracking purposes. This causes the AADSTS50058 error; to avoid receiving it again, whitelist the login.microsoftonline.com endpoint in your browser extension.

This error can also occur if third-party cookies have been disabled in your browser. Re-enable third-party cookies in your browser to prevent this error from occurring.

Conclusion

In this post we reviewed three possible resolutions to fix this error. If you are still experiencing this error after attempting all three resolutions, please file a support ticket with Azure Support and file an issue on the GitHub repository of the ADAL library that you are using. The GitHub issue section for the ADAL JS library can be found here: https://github.com/AzureAD/azure-activedirectory-library-for-js/issues