chiefonboarding / ChiefOnboarding

Free and open-source employee onboarding platform. Onboard new hires through Slack or the web portal.
https://chiefonboarding.com
GNU Affero General Public License v3.0

Entra (AAD) provisioning error #504

Open vejadutoo opened 3 weeks ago

vejadutoo commented 3 weeks ago

When trying to provision a new user through the Create user in Azure Active Directory integration I get a 400 error when the execute block POSTs.

From what I can tell, the POST data is all good, it's definitely valid JSON, and all of the keys map correctly to Graph, and the headers are there.

Of note, the Test user exist works just fine.

Status code: 400

Method and URL POST: https://graph.microsoft.com/v1.0/users

Response:

{
    "error": {
        "code": "BadRequest",
        "message": "Unable to read JSON request payload. Please ensure Content-Type header is set and payload is of valid JSON format.",
        "innerError": {
            "date": "2024-09-07T00:48:00",
            "request-id": "xxxx",
            "client-request-id": "xxxx"
        }
    }
}

Post data:

{
    "displayName": "John Doe",
    "mailNickname": "JohnDoe",
    "accountEnabled": true,
    "passwordProfile": {
        "password": "***Secret value for PASSWORD***",
        "forceChangePasswordNextSignIn": true
    },
    "userPrincipalName": "john@chiefonboarding.com"
}

Headers


{
    "Content-Type": "application/json",
    "Authorization": "***Secret value for oauth.token_type*** ***Secret value for oauth.access_token***"
}

GDay commented 3 weeks ago

Try using "cast_data_to_json": true. Example: https://integrations.chiefonboarding.com/manifest/15 (on the execute request).

By default, ChiefOnboarding will try to push the data as a string. Using that will cast the data to JSON. It's debatable whether that's a sane default (probably not), but I think setting the above should work for you.
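
Added example, not part of the thread and not ChiefOnboarding's own code: a body can be valid JSON and still not be the JSON object a user-creation endpoint expects. The hypothetical `classify_body` helper below inspects captured request bytes; it assumes that a body "pushed as a string" is either a Python `str(dict)` or a JSON-encoded string wrapping the object.

```python
import ast
import json

# Constructed sample modelled on the POST data in the report; the password is a placeholder.
SAMPLE = {
    "displayName": "John Doe",
    "mailNickname": "JohnDoe",
    "accountEnabled": True,
    "passwordProfile": {"password": "<placeholder>", "forceChangePasswordNextSignIn": True},
    "userPrincipalName": "john@chiefonboarding.com",
}


def classify_body(raw: bytes) -> str:
    """Classify the bytes a client would put on the wire for a JSON API."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "not-utf8"
    try:
        parsed = json.loads(text)
    except json.JSONDecodeError:
        # str(dict) yields single quotes and True/False: Python syntax, not JSON.
        try:
            if isinstance(ast.literal_eval(text), dict):
                return "python-repr"
        except (ValueError, SyntaxError):
            pass
        return "invalid"
    if isinstance(parsed, dict):
        return "json-object"
    if isinstance(parsed, str):
        # Valid JSON, but the top level is a string: check whether it wraps an object.
        try:
            if isinstance(json.loads(parsed), dict):
                return "double-encoded-object"
        except json.JSONDecodeError:
            pass
        return "json-string"
    return "json-non-object"
```

Only `json-object` is what a JSON object endpoint can read; `double-encoded-object` passes a JSON validator but still arrives as a single string.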

vejadutoo commented 3 weeks ago

This is default checked: image

I added it just to be sure: image

I got a 20x the first time I ran the test from the builder, but now it's giving me the same 400 as before and I can't replicate the success even with changing around the execute request. Also, if I edit the execute block in the builder the app hangs and I have to paste the manifest back in using update image

GDay commented 3 weeks ago

Might be a bug in the builder. I will check it out tomorrow.

GDay commented 3 weeks ago

I'm hoping the fix I pushed up to master is resolving this for you. I don't have an active AD subscription, so it's a little tricky to reproduce this issue.

vejadutoo commented 3 weeks ago

I appreciate the help. I'm using a docker deployment, so I have to wait for the image to reflect the fix.

Also, I got the 200 status again. It was just the login 🤦

In the meantime, I'm in way over my head so I'll do some reading to see if I can figure this out. I'm assuming that other people are using the integration without issue, so I have to believe there's something wrong in my deployment.

GDay commented 3 weeks ago

Just released v2.2.4 on Dockerhub.

> Also, I got the 200 status again. It was just the login 🤦

So it's working now as expected?