JonathanHolvey / sharepy

Simple SharePoint authentication for Python
GNU General Public License v3.0

Unable to authenticate possibly due to Okta SSO / MFA #60

Open sandemi1 opened 2 years ago

sandemi1 commented 2 years ago

We suspect Okta's authentication service is preventing us from logging into SharePoint O365. Looking for a solution that allows us to log in to SharePoint O365 through Okta's MFA service.

Python app response with correct/incorrect password and/or correct/incorrect user id:

    Enter id: smithjo1
    Enter password:
    Connecting with id: smithjo1@company.net

    Exception (ERPY-1.0.3)
    Unable to upload file to SharePoint: MobaXterm Sessions7.mxtsessions
    error: Token request failed. Invalid server response
    exception: Token request failed. Invalid server response (<class 'sharepy.errors.AuthError'>)
    function: uploadSharepoint() at line 62
    *** source: sp = sharepy.SharePointSession("https://company.sharepoint.com", auth)
    Token request failed. Invalid server response
    Unable to upload file to SharePoint: MobaXterm Sessions7.mxtsessions

XML from Microsoft federation service: https://login.microsoftonline.com/GetUserRealm.srf?login=smithjo1@company.net&xml=1

<RealmInfo Success="true">
<State>3</State>
<UserState>2</UserState>
<Login>smithjo1@company.net</Login>
<NameSpaceType>Federated</NameSpaceType>
<DomainName>company.net</DomainName>
<FederationGlobalVersion>-1</FederationGlobalVersion>
<AuthURL>https://company.okta.com/app/office365/<removed>/sso/wsfed/passive?username=smithjo1%40company.net&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=</AuthURL>
<IsFederatedNS>true</IsFederatedNS>
<STSAuthURL>https://company.okta.com/app/office365/<removed>/sso/wsfed/active</STSAuthURL>
<FederationTier>0</FederationTier>
<FederationBrandName>company</FederationBrandName>
<AllowFedUsersWLIDSignIn>false</AllowFedUsersWLIDSignIn>
<Certificate>TUlJRG1qQ0NBb0tnQX...<removed>...</Certificate>
<MEXURL>https://company.okta.com/app/office365/<removed>/sso/wsfed/mex</MEXURL>
<PreferredProtocol>1</PreferredProtocol>
<EDUDomainFlags>0</EDUDomainFlags>
<CloudInstanceName>microsoftonline.com</CloudInstanceName>
<CloudInstanceIssuerUri>urn:federation:MicrosoftOnline</CloudInstanceIssuerUri>
</RealmInfo>

Python app source code snippet:

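    import requests
    import sharepy

    # g.username / g.password come from the calling application (not shown)
    auth = sharepy.auth.SharePointADFS(username=g.username, password=g.password)
    # Point the auth object at an explicit Microsoft login URL
    auth.login_url = "https://login.microsoftonline.com/extSES.srf"
    sp = sharepy.SharePointSession("https://company.sharepoint.com", auth)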

Thank you.
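
Added example, not part of the original post or of sharepy: an offline parser for the RealmInfo document quoted above that reports whether the account is federated and which host serves the STS endpoint. The function name `summarize_realm`, the `TENANT_ID` placeholder and the trimmed sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the RealmInfo response in the post above;
# TENANT_ID is a placeholder for the value the poster removed.
SAMPLE_REALM_XML = """<RealmInfo Success="true">
  <State>3</State>
  <Login>smithjo1@company.net</Login>
  <NameSpaceType>Federated</NameSpaceType>
  <DomainName>company.net</DomainName>
  <IsFederatedNS>true</IsFederatedNS>
  <STSAuthURL>https://company.okta.com/app/office365/TENANT_ID/sso/wsfed/active</STSAuthURL>
  <MEXURL>https://company.okta.com/app/office365/TENANT_ID/sso/wsfed/mex</MEXURL>
  <CloudInstanceName>microsoftonline.com</CloudInstanceName>
</RealmInfo>"""


def summarize_realm(xml_text):
    """Return the RealmInfo fields that decide how a login is routed."""
    root = ET.fromstring(xml_text)
    if root.tag != "RealmInfo" or root.get("Success") != "true":
        raise ValueError("not a successful RealmInfo response")

    def text(tag):
        node = root.find(tag)
        return node.text.strip() if node is not None and node.text else None

    sts_url = text("STSAuthURL")
    sts_host = urlsplit(sts_url).hostname if sts_url else None
    cloud = text("CloudInstanceName")
    namespace = text("NameSpaceType")
    in_cloud = bool(sts_host and cloud) and (sts_host == cloud or sts_host.endswith("." + cloud))
    return {
        "login": text("Login"),
        "namespace_type": namespace,
        "federated": namespace == "Federated",
        "sts_host": sts_host,
        # True when the STS host lies outside the cloud instance named in the response
        "external_idp": bool(sts_host) and not in_cloud,
    }


if __name__ == "__main__":
    for key, value in summarize_realm(SAMPLE_REALM_XML).items():
        print(f"{key}: {value}")
```

For the sample modelled on the post, the result is a federated namespace whose STS host is `company.okta.com`.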

karimabuseer commented 2 years ago

Probably want to authenticate using OAuth instead, which I don't think is currently supported