davidjrh / dnn.azureadprovider

The DNN Azure Active Directory Provider is an Authentication provider for DNN Platform (formerly DotNetNuke) that uses Azure Active Directory OAuth2 authentication to authenticate users.
MIT License

Azure AD roles map and synchronize with DNN roles #41

Closed maduranga001 closed 2 years ago

maduranga001 commented 3 years ago

I am using a free Azure version, so I can use only the default Azure AD roles. I created a new role on DNN and mapped it on the "ROLE MAPPINGS". But I cannot see that the DNN user has been updated with the role.

Please, can you advise me on how to work with this?

Thank you!

davidjrh commented 3 years ago

To set up role sync, you have to set up the Graph API App on the "Advanced settings" and check the Role Sync checkbox.

rodsmr commented 3 years ago

I've got a problem with Profile sync. I enabled this feature, in Graph Client I set

I've this error

DotNetNuke.Authentication.Azure.Components.Graph.GraphClient - Error Calling the Graph API: 
{
  "error": {
    "code": "UnknownError",
    "message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
    "innerError": {
      "date": "2021-07-16T12:11:31",
      "request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69",
      "client-request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69"
    }
  }
}
System.Net.WebException: Error Calling the Graph API: 
{
  "error": {
    "code": "UnknownError",
    "message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
    "innerError": {
      "date": "2021-07-16T12:11:31",
      "request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69",
      "client-request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69"
    }
  }
}
   at DotNetNuke.Authentication.Azure.Components.Graph.GraphClient.SendGraphRequest(String api, String query, String body, GraphApiVersion apiVersion, HttpMethod httpMethod)
   at DotNetNuke.Authentication.Azure.Components.Graph.GraphClient.GetUserProfilePictureMetadata(String userId)

Is there a way to solve this?

davidjrh commented 3 years ago

Sounds like a permissions issue with the application. If you are going to use the same application for both the delegated and graph API background API calls, ensure that:

djh146 commented 2 years ago

Hello. I am working to set up Azure AD as an authentication for multiple portals in my installation (09.04.03). I have the AAD App Registration configured, and am able to create the user when logging in via authenticator for the first time on the host portal. I also created Roles in AAD with group associations, and mapped these in the provider. However, the roles are not added when creating the user. The Graph API settings are set per the documentation, using the App ID and Secret. I have Graph API User.Read set in API Permissions. The roles appear to be in the sent token (they are in the Manifest). Are there other Graph API permissions, or do roles in DNN need to be configured differently in order for them to map properly (ex. Role Groups, not Global Roles)?

davidjrh commented 2 years ago

Starting with v4.1.0, Azure AD Graph is no longer used. Now Microsoft Graph is used for all the API calls. Please check the upgrading instructions and Graph API permissions mentioned on the release:

https://github.com/davidjrh/dnn.azureadprovider/releases/tag/v4.1.0
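
Added example (not part of the thread and not the provider's own code): a diagnostic for the permissions questions raised above. It decodes an access token obtained for the Graph API application and reports which API it targets (Microsoft Graph or the retired Azure AD Graph), which application permissions (`roles` claim) and delegated permissions (`scp` claim) it carries, and which required application permissions are missing. The required list is an assumption supplied by the caller; take the real one from the v4.1.0 release notes. The sample token is constructed and unsigned.

```python
import base64
import json

# Audience values: Microsoft Graph vs. the retired Azure AD Graph.
MS_GRAPH = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
AAD_GRAPH = {"https://graph.windows.net", "00000002-0000-0000-c000-000000000000"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline testing."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_graph_token(token: str, required_app_permissions) -> dict:
    claims = decode_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    app_perms = set(claims.get("roles", []))        # application permissions
    delegated = set(claims.get("scp", "").split())  # delegated permissions
    if aud in MS_GRAPH:
        api = "microsoft-graph"
    elif aud in AAD_GRAPH:
        api = "azure-ad-graph (legacy)"
    else:
        api = "other"
    return {
        "api": api,
        "app_permissions": sorted(app_perms),
        "delegated_permissions": sorted(delegated),
        "missing": sorted(set(required_app_permissions) - app_perms),
    }


if __name__ == "__main__":
    # Constructed sample; "User.Read.All" is an illustrative requirement only.
    sample = make_sample_token({"aud": "https://graph.microsoft.com", "scp": "User.Read"})
    print(audit_graph_token(sample, ["User.Read.All"]))
```

A delegated permission such as User.Read shows up only in `scp` on tokens issued for a signed-in user; background calls made with the App ID and Secret are authorized by the `roles` claim, which stays empty until application permissions are granted admin consent.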