Hi, OAuth OpenID with Microsoft Azure AD 365 works for me!!

You have to add an OpenID authentication source with these parameters:

    [Microsoft 0365]
    client_secret=XXXXXXXXXX
    description=Microsoft 0365
    local_account_logins=0
    client_id=XXXXXXXXXX
    access_token_path=/common/oauth2/token
    create_local_account=no
    protected_resource_url=https://graph.windows.net/me?api-version=1.6
    authorize_path=/common/oauth2/authorize
    site=https://login.microsoftonline.com
    set_access_level_action=
    type=OpenID
    domains=*.msappproxy.net,account.activedirectory.windowsazure.com,accounts.accesscontrol.windows.net,adminwebservice.microsoftonline.com,api.login.microsoftonline.com,api.passwordreset.microsoftonline.com,autologon.microsoftazuread-sso.com,becws.microsoftonline.com,clientconfig.microsoftonline-p.net,companymanager.microsoftonline.com,device.login.microsoftonline.com,graph.microsoft.com,graph.windows.net,hip.microsoftonline-p.net,hipservice.microsoftonline.com,login.microsoft.com,login.microsoftonline.com,login.microsoftonline-p.com,login.windows.net,logincert.microsoftonline.com,loginex.microsoftonline.com,login-us.microsoftonline.com,nexus.microsoftonline-p.com,passwordreset.microsoftonline.com,provisioningapi.microsoftonline.com,*.adhybridhealth.azure.com,*.blob.core.windows.net,*.microsoftonline.com,*.microsoftonline-p.com,*.microsoftonline-p.net,*.msauth.net,*.msauthimages.net,*.msecnd.net,*.msftauth.net,*.msftauthimages.net,*.phonefactor.net,*.queue.core.windows.net,*.servicebus.windows.net,*.table.core.windows.net,*.windows.net,management.azure.com,policykeyservice.dc.ad.msft.net,secure.aadcdn.microsoftonline-p.com
    scope=oauth
    redirect_url=https://XXXXXXXX/oauth2/callback

The username is not recognized. You have to modify the file /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/DynamicRouting/Module/Authentication/oauth.pm: email does not exist in the response, but mail or userPrincipalName does.

Replace:

    # $info is the decoded response fetched from protected_resource_url
    sub _extract_username_from_response {
        my ($self, $info) = @_;
        return $info->{email};
    }

By:

    # $info is the decoded response fetched from protected_resource_url;
    # Azure AD's /me answer has no "email" field, so use userPrincipalName
    sub _extract_username_from_response {
        my ($self, $info) = @_;
        # return $info->{email};
        return $info->{userPrincipalName};
    }

Restart httpd.portal. Voilà. The best would be a dedicated authentication source, but for now it works for me.

Brendan

From: Brendan
Sent: Tuesday, 19 March 2019 11:55
To: '[email protected]' <[email protected]>
Subject: oauth openid microsoft 365

Hi, I'm trying to run OpenID OAuth with Microsoft 365. Here is my last authentication.conf:

    [Microsoft O365]
    client_secret=XXXXXXX
    description=Microsoft 0365
    local_account_logins=0
    client_id=XXXXXXXXXX
    access_token_path=/common/oauth2/token
    create_local_account=no
    protected_resource_url=https://graph.windows.net
    authorize_path=/common/oauth2/authorize
    site=https://login.microsoftonline.com
    set_access_level_action=
    type=openid
    domains=*.msappproxy.net account.activedirectory.windowsazure.com accounts.accesscontrol.windows.net adminwebservice.microsoftonline.com api.login.microsoftonline.com api.passwordreset.microsoftonline.com autologon.microsoftazuread-sso.com becws.microsoftonline.com clientconfig.microsoftonline-p.net companymanager.microsoftonline.com device.login.microsoftonline.com graph.microsoft.com graph.windows.net hip.microsoftonline-p.net hipservice.microsoftonline.com login.microsoft.com login.microsoftonline.com login.microsoftonline-p.com login.windows.net logincert.microsoftonline.com loginex.microsoftonline.com login-us.microsoftonline.com nexus.microsoftonline-p.com passwordreset.microsoftonline.com provisioningapi.microsoftonline.com *.adhybridhealth.azure.com *.blob.core.windows.net *.microsoftonline.com *.microsoftonline-p.com *.microsoftonline-p.net *.msauth.net *.msauthimages.net *.msecnd.net *.msftauth.net *.msftauthimages.net *.phonefactor.net *.queue.core.windows.net *.servicebus.windows.net *.table.core.windows.net *.windows.net management.azure.com policykeyservice.dc.ad.msft.net secure.aadcdn.microsoftonline-p.com login.live.com
    scope=openid
    redirect_url=https://XXXXXX/oauth2/callback

    [Microsoft O365]
    action0=set_role=default
    match=all
    class=authentication
    action1=set_access_duration=12h

I'm always getting this error: "OAuth2 Error : Failed to validate the token, please retry". I tried a lot of settings; I do not know what to put in scope or in protected_resource_url. I could reduce domains, but it's for testing. OAuth works perfectly with Google.

Sorry for my poor English. Thanks,
Brendan
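Added example, written for this page and not taken from the post above or from the PacketFence code base: a more defensive version of the username extraction the reply patches by hand. It prefers userPrincipalName (what the reply settled on), falls back to mail and then email, and refuses empty, blank or malformed values instead of silently handing undef to the portal. The three field names are the ones the post mentions; the fallback order, the user@domain sanity check and the sample responses are my assumptions and are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not PacketFence code: choose a username from a Graph-style
# userinfo response in a fixed order of preference and reject junk values.
use strict;
use warnings;
use JSON::PP;   # core module, so this runs on a stock Perl without CPAN

# Order of preference. userPrincipalName is what the post ended up using;
# the fallbacks are an assumption for tenants that populate the other fields.
my @USERNAME_FIELDS = qw(userPrincipalName mail email);

# Returns the first candidate that is non-empty and looks like a single
# local@domain token; returns undef (after warning) when none qualifies,
# so the caller can treat the login as failed rather than as user "".
sub extract_username_from_response {
    my ($info) = @_;
    return undef unless ref $info eq 'HASH';

    for my $field (@USERNAME_FIELDS) {
        my $value = $info->{$field};
        next unless defined $value;
        $value =~ s/^\s+|\s+$//g;          # trim surrounding whitespace
        next unless length $value;         # empty or blank: try next field
        if ($value =~ /^[^\s\@]+\@[^\s\@]+$/) {
            return $value;
        }
        warn "Ignoring $field: '$value' is not a usable username\n";
    }
    return undef;
}

# Constructed sample: the shape of a graph.windows.net /me reply as the
# post queries it, reduced to the fields that matter here. The objectId
# is a placeholder, not a real tenant value.
my $raw_json = '{"objectId":"00000000-0000-0000-0000-000000000000",'
             . '"userPrincipalName":"alice@example.com",'
             . '"mail":"alice.smith@example.com"}';

# More constructed cases covering the fallbacks and the rejections.
my @samples = (
    decode_json($raw_json),                                # UPN present
    { mail => 'bob@example.com' },                         # no UPN at all
    { userPrincipalName => '   ', email => 'carol@example.com' },  # blank UPN
    { userPrincipalName => 'not a principal' },            # malformed, no fallback
    { },                                                   # nothing usable
);

for my $sample (@samples) {
    my $user = extract_username_from_response($sample);
    print defined $user ? "username: $user\n" : "username: <none>\n";
}
```

The point of the extra checks is that whatever this function returns becomes the identity the captive portal grants access under, so it is safer to fail the login on an unexpected payload than to accept an empty or odd-looking string. If you drop this into oauth.pm in place of the one-line return, keep the `($self, $info)` signature the module uses.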
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
