Authentication issue

[r711]

I want to connect my sharepoint online site with visual studio code with the help of SPGo. While populating the workspace, it returns an error 'Access denied'.

Subcode - FailedAuthentication Reason - Access Denied

Here, the username used is a OnPrem account eg; 'jhondoe@companyname.com' and not a 'onmicrosoft' account. I tried using Digest and ADFS authentication, both return the same error.

While using ADFS authentication, i am using the below setting in spgo.json:

"authenticationType": "ADFS", "authenticationDetails":{ "relyingParty": "urn:federation:MicrosoftOnline" "adfsUrl": "fedsvcs.companydomain.com" }

Am I missing something. Please guide

[chrishasz]

Hello @r711 -

SPGo uses node-sp-auth for all SharePoint authentication methods. Can you follow the documentation here to confirm you are using the correct relyingParty and adfsUrl properties?

There is also a sample code snippet on that documentation page which you can use to quickly test your credentials/access.

Let me know if all of the settings are correct and you are still seeing issues.

Thanks, Chris

[s-KaiNet]

Hello there! :) Just a notice from my side - adfsUrl should in the format of url, not host, i.e. https://adfs.com.
Have you tried that?

[s-KaiNet]

Additionally, for SharePoint Online with adfs you should provide only your username and password (without relyingParty, etc.), it handles everything else internally.

[r711]

Additionally, for SharePoint Online with adfs you should provide only your username and password (without relyingParty, etc.), it handles everything else internally.

Thank you all for your replys.

I earlier tried without using any authenticationtype, but they are not working. I tried using Digest, didnt work. If i dont use any authenticationtype, just plain sourcedirectory, sharepointsiteurl and remotefolders, its still cant connect and returns 'Time Out error'. Finally i came to adfs type, and in adfs auth, initially tried using

"adfsUrl": "https://fedsvcs.companydomain.com/adfs/ls/IdpInitiatedSignOn" This url if i browse to, it logs me in with SSO. Not sure why it isnt working through spgo.

Can you may be write the json for me, what it actually should be in the scenario. Right now it is like so:

{ "sourceDirectory": "src", "sharePointSiteUrl": "https://companydomain.sharepoint.com/sites/sitename", "publishingScope": "SaveOnly", "authenticationType": "adfs", "authenticationDetails": { "adfsUrl": "https://fedsvcs.companydomain.com/adfs/ls/IdpInitiatedSignOn" }, "remoteFolders": [ "/siteassets" ]
}

[radityoardi]

I still got the issue till today. Any updates?

[chrishasz]

@r711 , @radityoardi

Do you have an IT department that you could work with to get the relyingParty and adfsUrl property values from?

@r711 the adfsUrl property for "headless" connections is probably different than the URL of the page you would browse to via a web browser.

[radityoardi]

@chrishasz that's the problem. what is relyingParty? I know adfsUrl. These things are not mentioned in the documentation of what is that? What I've done was to add "urn:federation:MicrosoftOnline" as relyingParty and adfsUrl as the adfsUrl, but seems doesn't work at all.

[chrishasz]

Hello @r711, @radityoardi

I apologize for the delay in responding to you both. I'm not sure what level of access you have on your network, but if you want to find the relyingParty value for your SharePoint instance, you can run the Get-SPTrustedIdentityTokenIssuer command from PowerShell (Documentation here)

@s-KaiNet wrote up some good documentation on how to find your ADFS properties here. SPGo uses node-sp-auth for SP Auth under the covers.

Give that a try and let me know if it works for you.

[chrishasz]

Closing as old. If you still are seeing the issue, please reopen this issue.