JetBrains / teamcity-azure-active-directory

TeamCity plugin which supports authentication via Microsoft Azure Active Directory
Apache License 2.0

400 Marked request as unauthenticated since failed to parse JWT from retrieved id_token #56

Open solazs opened 3 years ago

solazs commented 3 years ago

After upgrading to the latest TeamCity (2020.2.3) and the latest version of the AAD plugin (0.7.2), we're getting the following error after logging in to TeamCity:

400 Marked request as unauthenticated since failed to parse JWT from retrieved id_token <some 4 lines of data here>

I'm unsure what this is caused by. We have CORS set up according to the plugin docs; our config worked before upgrading.

If you need any more info let me know what to upload.

IlyaFomenko commented 3 years ago

@solazs could you please verify that you are using "OAuth 2.0 authorization endpoint (v1)" for the plugin?

solazs commented 3 years ago

Yes, I'm using "https://login.microsoftonline.com/(tenant-id)/oauth2/authorize", which is "OAuth 2.0 authorization endpoint (v1)"

IlyaFomenko commented 3 years ago

I created an issue in our YouTrack. Please post your answers there.

Are you using internal property: teamcity.aad.endpoint.type=dedicated ? Also please attach the full text of the error with id_token (please make it visible to the JetBrains team only).

solazs commented 3 years ago

@IlyaFomenko done.

StephenShamakian commented 2 years ago

@solazs @IlyaFomenko Was this ever solved? We are running into the same issue with v2021.1.3 of TeamCity and the latest plugin version for AzureAD.

matthewzdonczik commented 2 years ago

@solazs @IlyaFomenko any updates on this one? I am having the same problem with plugin version 0.7.2 and TeamCity version 2021.2.

StephenShamakian commented 2 years ago

@matthewzdonczik I had JetBrains support open a ticket for us: https://youtrack.jetbrains.com/issue/TW-74020

But I believe the issue we have is around the JWT token verifier needing access to the URL listed in this code: https://github.com/JetBrains/teamcity-azure-active-directory/blob/master/azure-active-directory-server/src/main/kotlin/org/jetbrains/teamcity/aad/JWTVerifier.kt#L25

JetBrains said the TeamCity internal properties for proxy don't apply to this code. We were getting errors in the win-service.log file that it was unable to access this endpoint.
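Added example, not part of the thread and not the plugin's code: a local, offline structural check of an id_token copied from the error text, to tell a malformed token apart from a well-formed one that fails later at verification (the case described in the comment above). It does not verify the signature, so the decoded claims must not be trusted; the function names and all sample values are constructed for illustration.

```python
import base64
import json


def _segment_to_json(segment):
    """Decode one base64url JWT segment to JSON, restoring stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_id_token(raw, now):
    """Structural check only: NO signature verification is performed here."""
    # The error text wraps the token over several lines; drop all whitespace.
    token = "".join(raw.split())
    parts = token.split(".")
    if len(parts) != 3:
        return {"well_formed": False, "reason": f"{len(parts)} segments, expected 3"}
    try:
        header, claims = _segment_to_json(parts[0]), _segment_to_json(parts[1])
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return {"well_formed": False, "reason": f"segment is not base64url JSON: {exc}"}
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return {"well_formed": False, "reason": "header or payload is not a JSON object"}
    exp = claims.get("exp")
    return {
        "well_formed": True,
        "alg": header.get("alg"),
        "kid": header.get("kid"),  # id of the signing key the verifier must obtain
        "iss": claims.get("iss"),
        "aud": claims.get("aud"),
        "expired": isinstance(exp, (int, float)) and exp < now,
    }


def make_sample_token(claims):
    """Build a constructed sample token; the third segment is a dummy signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed-kid"}), enc(claims), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    sample = make_sample_token({"iss": "https://issuer.example.invalid/",
                                "aud": "constructed-client-id", "exp": 2000000000})
    # Simulate a token pasted from a log where it was wrapped across lines.
    wrapped = "\n".join(sample[i:i + 40] for i in range(0, len(sample), 40))
    print(inspect_id_token(wrapped, now=1700000000))
    print(inspect_id_token(sample.split(".")[0], now=1700000000))
```

If the result is well formed and not expired, the token itself is unlikely to be the problem, and the next thing to check is whether the server can obtain the signing key named by `kid`.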

ttermeer-reboundcg commented 7 months ago

Same error appeared for us today after we rebooted the server. It was working fine before. edit: problem went away on its own.