[PacketFence-users] oauth openid microsoft 365

Tue, 19 Mar 2019 05:57:33 -0700 

Hi

i'm trying to run openid oauth with microsoft 365, here is my last 
authentication.conf :

[Microsoft O365]
client_secret=XXXXXXX
description=Microsoft 0365
local_account_logins=0
client_id= XXXXXXXXXX
access_token_path=/common/oauth2/token
create_local_account=no
protected_resource_url= https://graph.windows.net
authorize_path=/common/oauth2/authorize
site=https://login.microsoftonline.com
set_access_level_action=
type=openid
domains=*.msappproxy.net account.activedirectory.windowsazure.com 
accounts.accesscontrol.windows.net adminwebservice.microsoftonline.com 
api.login.microsoftonline.com api.passwordreset.microsoftonline.com 
autologon.microsoftazuread-sso.com becws.microsoftonline.com 
clientconfig.microsoftonline-p.net companymanager.microsoftonline.com 
device.login.microsoftonline.com graph.microsoft.com graph.windows.net 
hip.microsoftonline-p.net hipservice.microsoftonline.com login.microsoft.com 
login.microsoftonline.com login.microsoftonline-p.com login.windows.net 
logincert.microsoftonline.com loginex.microsoftonline.com 
login-us.microsoftonline.com nexus.microsoftonline-p.com 
passwordreset.microsoftonline.com provisioningapi.microsoftonline.com 
*.adhybridhealth.azure.com *.blob.core.windows.net *.microsoftonline.com 
*.microsoftonline-p.com *.microsoftonline-p.net *.msauth.net *.msauthimages.net 
*.msecnd.net *.msftauth.net *.msftauthimages.net *.phonefactor.net 
*.queue.core.windows.net *.servicebus.windows.net *.table.core.windows.net 
*.windows.net management.azure.com policykeyservice.dc.ad.msft.net 
secure.aadcdn.microsoftonline-p.com login.live.com
scope=openid
redirect_url=https://XXXXXX/oauth2/callback

[Microsoft O365]
action0=set_role=default
match=all
class=authentication
action1=set_access_duration=12h

I'm always getting this error :
OAuth2 Error : Failed to validate the token, please retry

I tried a lot of settings, I do not know what to put in scope or in 
protected_resource_url
I could reduce domains but it's for testing

oauth works perfectly with Google.

sorry for my poor english

thanks

Brendan

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to