Hello Diego, that’s correct: in order for the authentication to work, I needed an “app” in the Azure portal. I created this app and entered the credentials into PacketFence. I’ve already granted admin consent, so this shouldn’t be an issue. The authentication on the O365 side works just fine because I get redirected back to the PacketFence callback URL /oauth2/callback, but then the captive portal tries to redeem the token and fails due to the missing Access-Control-Allow-Origin header.
Greetings
Heiko

From: Diego Garcia del Rio <garc...@gmail.com>
Sent: Tuesday, 21 September 2021 19:13
To: packetfence-users@lists.sourceforge.net
Cc: Matthies, Heiko <heiko.matth...@asap.de>
Subject: Re: [PacketFence-users] Office365 authentications fail on captive portal

Not 100% sure, but I believe you created an "app" in the Azure portal for the authentication to work? I was having similar issues until I explicitly, as an administrator, gave consent to the app for all users (rather than each user having to give individual consent). I think I was getting a very similar error to you.

On Tue, Sep 21, 2021 at 5:22 AM Matthies, Heiko via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Hello,

I'm currently trying out the captive portal module from PacketFence and having difficulties with the OIDC authentication. I believe I set up the OIDC authentication source correctly as I get redirected back from the Microsoft page.
After that, the following error message occurs:

OAuth2 Error: Failed to validate the token, please retry

I believe the browser has a problem redeeming the token, the error-log shows the following message:

Access to XMLHttpRequest at 'https://login.microsoftonline.com/*******/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2F*****%2Foauth2%2Fcallback&client_id=******&hd=&state=&scope=openid' (redirected from 'https://*****/oauth2/common/img/sprite.svg') from origin 'https://*****' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I searched through the different apache configs but even when I add the Access-Control-Allow-Origin Header through apache, it does not seem to work. Am I missing something? For reference, the SAML-Authentication seems to have the same issue, so I suspect a problem with the captive portal itself?

Greetings
Heiko Matthies

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
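An added example, not part of the original thread and not PacketFence code: a small parser for the browser console error quoted in the thread. It shows that the CORS check is made on the response from the redirect target, so the `Access-Control-Allow-Origin` header would have to be sent by that host rather than by the page's own server. The host `portal.example.test` and the `TENANT`/`CLIENT` values are constructed placeholders for the values masked in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the console error quoted in the thread;
# portal.example.test, TENANT and CLIENT stand in for the masked values.
SAMPLE = (
    "Access to XMLHttpRequest at 'https://login.microsoftonline.com/TENANT/"
    "oauth2/authorize?response_type=code&client_id=CLIENT&scope=openid' "
    "(redirected from 'https://portal.example.test/oauth2/common/img/sprite.svg') "
    "from origin 'https://portal.example.test' has been blocked by CORS policy: "
    "Response to preflight request doesn't pass access control check: "
    "No 'Access-Control-Allow-Origin' header is present on the requested resource."
)

CORS_RE = re.compile(
    r"Access to (?P<kind>\S+) at '(?P<target>[^']+)'"
    r"(?: \(redirected from '(?P<source>[^']+)'\))?"
    r" from origin '(?P<origin>[^']+)' has been blocked by CORS policy"
)
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Return the (scheme, host, port) triple browsers compare for same-origin."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))

def diagnose(message):
    """Work out which server's response failed the CORS check."""
    m = CORS_RE.search(message)
    if m is None:
        raise ValueError("not a CORS console error")
    page, target = origin_of(m["origin"]), origin_of(m["target"])
    source = m["source"]  # None when the request was not redirected
    return {
        "request_kind": m["kind"],
        "first_request_path": urlsplit(source or m["target"]).path,
        # The header is checked on the response from this host, not the page's host.
        "header_must_come_from": target[1],
        "cross_origin": target != page,
        "started_same_origin": source is not None and origin_of(source) == page,
    }

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```
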