Open amirukg opened 6 days ago
I don't use Azure for anything so I have no way of testing this.
HOWEVER, the new docs say to try using oidc instead of the azure option in authStrategies.
Can you maybe try that and see if it works?
https://ylianst.github.io/MeshCentral/meshcentral/openidConnectStrategy/#azure-preset
Hi!
Updated config.json with:
"authStrategies": {
    "oidc": {
        "client": {
            "client_id": "myclientID",
            "client_secret": "myclientsecret"
        },
        "custom": {
            "preset": "azure",
            "tenant_id": "mytenantID"
        }
    }
}
but getting some strange errors:
-------- 6/28/2024, 4:31:56 PM ---- 1.1.24 --------
/root/node_modules/meshcentral/webserver.js:7406
    let error = new Error('OIDC: Discovery failed.', { cause: err });
                ^

Error: OIDC: Discovery failed.
    at setupDomainAuthStrategy (/root/node_modules/meshcentral/webserver.js:7406:29)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async setupAllDomainAuthStrategies (/root/node_modules/meshcentral/webserver.js:6495:82) {
  [cause]: AggregateError [ETIMEDOUT]:
      at internalConnectMultiple (node:net:1117:18)
      at afterConnectMultiple (node:net:1684:7) {
    code: 'ETIMEDOUT',
    Error: connect ETIMEDOUT 20.190.144.163:443
        at createConnectionError (node:net:1647:14)
        at Timeout.internalConnectMultipleTimeout (node:net:1706:38)
        at listOnTimeout (node:internal/timers:575:11)
        at process.processTimers (node:internal/timers:514:7) {
      errno: -110, code: 'ETIMEDOUT', syscall: 'connect', address: '20.190.144.163', port: 443 },
    Error: connect ENETUNREACH 2603:1047:1:188::5:443
        at createConnectionError (node:net:1647:14)
        at afterConnectMultiple (node:net:1677:16) {
      errno: -101, code: 'ENETUNREACH', syscall: 'connect', address: '2603:1047:1:188::5', port: 443
And the MeshCentral server can't even start. Also, the IP addresses above are available from the MeshCentral server.
Is the Azure AD stuff free or cheap to run? I'll have to create my own AD with users etc., then try and replicate your issue, so it might take some time! Any docs/guides for setting it all up?
I have Entra ID Plan 1, not free. I used https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=certificate and https://ylianst.github.io/MeshCentral/meshcentral/#microsoft-azure-active-directory. In the MeshCentral docs there is nothing about API permissions settings, so https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis
When I attempt to log in using a Microsoft account, successfully passing the auth window and MFA, I see "internal server error".
I expected to log in to MeshCentral under my Entra ID account.
Additional context: meshcentral-data/mesherrors.txt has errors:

InternalOAuthError: Failed to obtain access token
    at OAuth2Strategy._createOAuthError (/root/node_modules/passport-oauth2/lib/strategy.js:423:17)
    at /root/node_modules/passport-oauth2/lib/strategy.js:177:45
    at /root/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:196:18
    at ClientRequest.<anonymous> (/root/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:166:7)
    at ClientRequest.emit (node:events:519:28)
    at TLSSocket.socketErrorListener (node:_http_client:500:9)
    at TLSSocket.emit (node:events:519:28)
    at emitErrorNT (node:internal/streams/destroy:169:8)
    at emitErrorCloseNT (node:internal/streams/destroy:128:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
My Azure app settings: API permissions: Redirect URI:
config.json file
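Both failures in this thread happen on the server's outbound side: "OIDC: Discovery failed" is MeshCentral being unable to fetch the issuer's discovery document at startup (the trace shows the connection to 20.190.144.163:443 timing out), and the later "Failed to obtain access token" is the token-endpoint request, which goes to the same identity provider, failing after the user has already authenticated in the browser. The script below is an added diagnostic, not MeshCentral's or passport-oauth2's code. It assumes the azure preset resolves tenant_id to the issuer https://login.microsoftonline.com/<tenant_id>/v2.0 and that discovery lives at <issuer>/.well-known/openid-configuration; it fetches the document with a short timeout, validates the endpoints the login flow will later need, and lists the hosts that must be reachable from the server. The fetcher is injectable so the check runs against a constructed sample document without network access.

```python
"""Pre-flight check for an OIDC issuer, run from the MeshCentral host.

Added example, not MeshCentral code. Assumed: the 'azure' preset derives the
issuer https://login.microsoftonline.com/<tenant_id>/v2.0, and discovery is
served at <issuer>/.well-known/openid-configuration.
"""
import json
import socket
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Endpoints a login flow needs: authorize (browser redirect), token (server-side
# code exchange, where the InternalOAuthError above is raised), and the JWKS.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def azure_issuer(tenant_id: str) -> str:
    """Issuer URL assumed for the azure preset (labelled assumption)."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def discovery_url(issuer: str) -> str:
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def http_get(url: str, timeout: float = 10.0) -> str:
    """Real fetch with a short timeout so a blocked egress path fails fast
    instead of hanging for the default connect timeout."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check_discovery(issuer: str, fetch=http_get) -> dict:
    """Return a report describing whether OIDC discovery would succeed.

    `fetch` is injectable so the logic can be exercised against a canned
    document; the default performs a live HTTPS request.
    """
    url = discovery_url(issuer)
    report = {"url": url, "ok": False, "problems": []}
    try:
        body = fetch(url)
    except OSError as exc:  # covers URLError, socket.timeout, ENETUNREACH
        report["problems"].append(f"network: {exc}")
        return report
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        report["problems"].append(f"not JSON: {exc}")
        return report
    for key in REQUIRED_KEYS:
        if key not in doc:
            report["problems"].append(f"missing {key}")
    # OIDC clients compare the advertised issuer with the configured one.
    if doc.get("issuer") and doc["issuer"].rstrip("/") != issuer.rstrip("/"):
        report["problems"].append(f"issuer mismatch: {doc['issuer']}")
    # Hosts the server itself must be able to reach on 443 (token + JWKS).
    report["hosts_to_allow"] = sorted(
        {urlparse(doc[k]).hostname for k in REQUIRED_KEYS[1:] if k in doc}
    )
    report["ok"] = not report["problems"]
    return report


# Constructed sample discovery document; shape follows Azure's, values illustrative.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://login.microsoftonline.com/mytenantID/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/mytenantID/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/mytenantID/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/mytenantID/discovery/v2.0/keys",
})


def fetch_sample(url: str) -> str:
    """Offline stand-in for http_get returning the constructed document."""
    return SAMPLE_DISCOVERY


def fetch_timeout(url: str) -> str:
    """Offline stand-in simulating the connect timeout seen in the report."""
    raise socket.timeout("connect ETIMEDOUT 20.190.144.163:443")


if __name__ == "__main__":
    tenant = sys.argv[1] if len(sys.argv) > 1 else "mytenantID"
    print(json.dumps(check_discovery(azure_issuer(tenant)), indent=2))
```

Run it on the MeshCentral host with the real tenant id; a report whose only problem starts with "network:" reproduces the startup failure and points at egress filtering (or a missing proxy setting) rather than the app registration, while a clean report that still ends in "Failed to obtain access token" at login narrows the search to the token exchange itself, e.g. the client secret or redirect URI on the Azure side.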