not 100% sure.. but I believe you created an "app" in the azure portal for the authentication to work? I was having similar issues until I explicitly, as an administrator, gave consent to the app for all users (rather than each user having to give individual consent).
I think I was getting a very similar error to you. On Tue, Sep 21, 2021 at 5:22 AM Matthies, Heiko via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello, > > > > I'm currently trying out the captive portal module from packetfence and > having difficulties with the OIDC Authentication. I believe I set up the > OIDC authentication source correctly as I get redirected back from the > Microsoft page. After that, the following error message occurs: > > *OAuth2 Error: Failed to validate the token, please retry* > > > > I believe the browser has a problem redeeming the token, the error-log > shows the following message: > > *Access to XMLHttpRequest at > 'https://login.microsoftonline.com/*******/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2F*****%2Foauth2%2Fcallback&client_id=******&hd=&state=&scope=openid > <https://login.microsoftonline.com/*******/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2F*****%2Foauth2%2Fcallback&client_id=******&hd=&state=&scope=openid>' > (redirected from 'https://*****/oauth2/common/img/sprite.svg') from origin > 'https://*****' has been blocked by CORS policy: Response to preflight > request doesn't pass access control check: No 'Access-Control-Allow-Origin' > header is present on the requested resource.* > > > > I searched through the different apache configs but even when I add the > Access-Control-Allow-Origin Header through apache, it does not seem to work. > > > > Am I missing something? For reference, the SAML-Authentication seems to > have the same issue, so I suspect a problem with the captive portal itself? > > > > Greetings > > > > Heiko Matthies > > > > > <https://asap.podigee.io/> > > > *ASAP Engineering GmbH* Sachsstraße 1A | 85080 Gaimersheim > Tel. +49 (8458) 3389 252 <+49%20(8458)%203389%20252> | Fax. +49 (8458) > 3389 399 > heiko.matth...@asap.de | www.asap.de > > Geschäftsführer: Michael Neisen, Robert Werner, Christian Schweiger | Sitz > der Gesellschaft: Gaimersheim | Amtsgericht: Ingolstadt HRB 5408 > > Datenschutz: Ausführliche Informationen zum Umgang mit Ihren > personenbezogenen Daten bei ASAP erhalten Sie auf unserer Website unter > Datenschutz. <http://www.asap.de/datenschutz/> > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users