jenkinsci / azure-ad-plugin

Authentication and Authorization with Azure AD
https://plugins.jenkins.io/azure-ad/
MIT License

Guest user can't use people picker #156

Closed alfador1 closed 3 years ago

alfador1 commented 3 years ago

Version report

Jenkins and plugins versions report: Jenkins: 2.277.4 OS: Linux - 4.18.0-193.6.3.el8_2.x86_64

git-client:3.7.1 trilead-api:1.0.13 cloudbees-folder:6.15 antisamy-markup-formatter:2.1 jaxb:2.3.0.1 jdk-tool:1.4 git-server:1.9 structs:1.23 gradle:1.36 workflow-step-api:2.23 token-macro:2.15 build-timeout:1.20 branch-api:2.6.4 credentials:2.5 pipeline-rest-api:2.19 plain-credentials:1.7 ssh-credentials:1.18.1 handlebars:3.0.8 credentials-binding:1.26 scm-api:2.6.4 workflow-api:2.46 timestamper:1.13 script-security:1.77 momentjs:1.1.1 workflow-support:3.8 durable-task:1.37 workflow-basic-steps:2.23 workflow-durable-task-step:2.39 okhttp-api:3.14.9 junit:1.49 matrix-project:1.18 pipeline-stage-view:2.19 command-launcher:1.6 resource-disposer:0.15 ws-cleanup:0.39 ant:1.11 pipeline-build-step:2.13 bouncycastle-api:2.20 github-api:1.123 ace-editor:1.1 jquery-detached:1.2.1 pipeline-model-api:1.8.5 workflow-scm-step:2.12 workflow-cps:2.92 git:4.7.2 workflow-job:2.41 mailer:1.34 apache-httpcomponents-client-4-api:4.5.13-1.0 display-url-api:2.3.5 pipeline-graph-analysis:1.10 pipeline-milestone-step:1.3.2 snakeyaml-api:1.27.0 github:1.33.1 jackson2-api:2.12.3 jsch:0.1.55.2 pipeline-input-step:2.12 pipeline-stage-step:2.5 blueocean-jwt:1.24.7 pipeline-model-extensions:1.8.5 favorite:2.3.3 cucumber:0.0.2 workflow-cps-global-lib:2.21 jira:3.5 workflow-multibranch:2.26 blueocean-rest-impl:1.24.7 pipeline-stage-tags-metadata:1.8.5 blueocean-pipeline-api-impl:1.24.7 pipeline-model-definition:1.8.5 blueocean-jira:1.24.7 lockable-resources:2.10 blueocean-display-url:2.4.1 workflow-aggregator:2.6 sse-gateway:1.24 github-branch-source:2.9.1 blueocean-events:1.24.7 pipeline-github-lib:1.0 mapdb-api:1.0.9.0 subversion:2.13.2 ssh-slaves:1.31.2 matrix-auth:2.6.7 pam-auth:1.6 ansible:1.1 ldap:1.26 email-ext:2.83 docker-commons:1.17 azure-commons:1.1.3 azure-ad:175.v5513346d764a docker-workflow:1.26 config-file-provider:3.8.0 pipeline-multibranch-defaults:2.1 blueocean-github-pipeline:1.24.7 authentication-tokens:1.4 mercurial:2.15 blueocean-git-pipeline:1.24.7 
handy-uri-templates-2-api:2.1.8-1.0 blueocean-web:1.24.7 cloudbees-bitbucket-branch-source:2.9.9 nodejs:1.4.0 sonar:2.12 xvfb:1.1.3 variant:1.4 aws-java-sdk:1.11.995 blueocean-i18n:1.24.7 aws-credentials:1.29 blueocean-autofavorite:1.2.4 windows-slaves:1.7 blueocean-config:1.24.7 cloudbees-credentials:3.3 blueocean:1.24.7 cucumber-reports:5.5.0 ansicolor:1.0.0 htmlpublisher:1.25 folder-properties:1.2.1 blueocean-bitbucket-pipeline:1.24.7 jenkins-design-language:1.24.7 blueocean-core-js:1.24.7 blueocean-commons:1.24.7 blueocean-rest:1.24.7 pubsub-light:1.13 blueocean-dashboard:1.24.7 blueocean-pipeline-scm-api:1.24.7 blueocean-personalization:1.24.7 blueocean-pipeline-editor:1.24.7 ruby-runtime:0.12 popper-api:1.16.1-2 external-monitor-job:1.7 jquery3-api:3.6.0-1 azure-credentials:182.v3ccd4a755864 copyartifact:1.46.1 windows-azure-storage:358.v5c001416d74f allure-jenkins-plugin:2.29.0 bootstrap4-api:4.6.0-3 Office-365-Connector:4.15.0 javadoc:1.6 echarts-api:5.1.0-2 checks-api:1.7.0 plugin-util-api:2.3.0 font-awesome-api:5.15.3-3 azure-container-agents:209.vb415245ae23a ivy:2.1 scmskip:1.0.3 kubernetes-credentials:0.9.0 simple-theme-plugin:0.6 theme-manager:0.6 kubernetes:1.30.0 run-condition:1.5 kubernetes-client-api:5.4.1 python:1.3 metrics:4.0.2.7 artifactory:3.11.4 caffeine-api:2.9.1-23.v51c4e2c879c8 maven-plugin:3.12 extended-read-permission:3.2 cloud-stats:0.27 azure-sdk:23.v5682688d0eef dark-theme:0.0.12 pipeline-utility-steps:2.8.0 snyk-security-scanner:2.13.0



### Reproduction steps

- Log in to Jenkins
- Global Security settings
- Set tenant id, secret, application id
- Test user principal name or object id, add my own username username@something.com
- GET THE ERROR:

GET https://graph.microsoft.com/v1.0/users/usernmae@something.com
SdkVersion : graph-java/v3.8.0

### Results

Error code: Request_ResourceNotFound
Error code: Request_ResourceNotFound
Error message: Resource 'username@something.com' does not exist or one of its queried reference-property objects are not present.

GET https://graph.microsoft.com/v1.0/users/username@something.com
SdkVersion : graph-java/v3.8.0

404 : Not Found
[...]

[Some information was truncated for brevity, enable debug logging for more details]

com.microsoft.graph.http.GraphServiceException: Error code: Request_ResourceNotFound
Error message: Resource 'username@something.com
- GET THE ERROR:' does not exist or one of its queried reference-property objects are not present.

GET https://graph.microsoft.com/v1.0/users/username@something.com
- GET THE ERROR:
SdkVersion : graph-java/v3.8.0

404 : Not Found
[...]

[Some information was truncated for brevity, enable debug logging for more details]
    at com.microsoft.graph.http.GraphServiceException.createFromResponse(GraphServiceException.java:419)
    at com.microsoft.graph.http.GraphServiceException.createFromResponse(GraphServiceException.java:378)
    at com.microsoft.graph.http.CoreHttpProvider.handleErrorResponse(CoreHttpProvider.java:501)
    at com.microsoft.graph.http.CoreHttpProvider.processResponse(CoreHttpProvider.java:430)
    at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:396)
    at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:222)
    at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:199)
    at com.microsoft.graph.http.BaseRequest.send(BaseRequest.java:332)
    at com.microsoft.graph.requests.UserRequest.get(UserRequest.java:138)
    at com.microsoft.jenkins.azuread.AzureSecurityRealm$DescriptorImpl.doVerifyConfiguration(AzureSecurityRealm.java:771)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
    at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
    at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:92)
    at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:92)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:516)
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395)
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
    at java.lang.Thread.run(Thread.java:748)

Expected result:
User successfully verified 

Actual result:
Fun thing is that I can still log in as an "Authenticated user", but I cannot explicitly add my username in the azure matrix, cause it's not found.
My mail corresponds to the one with which I'm logged in as an "Authenticated user".

FYI
When I search by object id I can verify the username, but I still cannot add people by object ids in the matrix.
I tested the same setup on azure ad plugin 1.2.1 in an older Jenkins and that works with no problem.
I suspect it could be that the domain emails are not actually in my Azure domain. It is multitenant, so people from other domains which we trust can log in through our domain.

timja commented 3 years ago

I probably need a bit more info to reproduce? How is this setup exactly?

I've checked and guests get looked up appropriately.

You can probably work around it by ticking 'Disable graph integration', saving, reloading and then adding yourself with "$DisplayName ($objectId)", and may even be able to re-enable graph after that.

alfador1 commented 3 years ago

As soon as I re-enable I get username or group not found for username@mail.com.

So how to reproduce fully: Go into Azure, create a new AD. Invite external AD users (from another domain) as guests, create app registrations, add all the API permissions and credentials. Try to add a user from the external AD users in the Jenkins matrix or just do "verify application"; it will give you "user not found".

The biggest irony is that users can log in, but as authenticated users meanwhile.

timja commented 3 years ago

Can you give a bit more detail about how you're adding them?

Are you using the user picker?

image

I can lookup a guest user and add them fine, along with verifying with 'verify application'

alfador1 commented 3 years ago

I can't use the user picker, because it doesn't show anything there (only endless "LOADING"). I can only add users if I disable graph integration, and once I re-enable it I get user not found. Also I get resource not found when doing verify application image

timja commented 3 years ago

Errors will be in the browser console, probably permissions aren't right (see README for what's needed)

alfador1 commented 3 years ago

@timja Check my permissions:

image

timja commented 3 years ago

Looks fine, anything in browser console?

alfador1 commented 3 years ago

As soon as I open Configure Global Security I get errors in the stacktrace

timja commented 3 years ago

What's the response code? If the /me request fails then it will disable the user picker.

Anything in the server logs?

alfador1 commented 3 years ago

Request is empty. Jenkins logs don't say anything, except when I do verify application. They give the same logs as the output on the screen (resource not found).

2021-07-20 15:57:08.487+0000 [id=39659] SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396GET https://graph.microsoft.com/v1.0/users/email@email.com
2021-07-20 15:57:08.487+0000 [id=39659] SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396SdkVersion : graph-java/v3.8.0
2021-07-20 15:57:08.488+0000 [id=39659] SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396
2021-07-20 15:57:08.489+0000 [id=39659] SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396
2021-07-20 15:57:08.489+0000 [id=39659] SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396404 : Not Found
2021-07-20 15:57:08.490+0000 [id=39659] SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396[...]
![image](https://user-images.githubusercontent.com/35370751/126356648-1b72ec09-ee53-4acb-a85a-62000398cabe.png)

timja commented 3 years ago

You could try reproduce with: https://developer.microsoft.com/en-us/graph/graph-explorer

You might get better error messages, try the /me endpoint and looking up your user via email

alfador1 commented 3 years ago

I see your point. When I log in with the graph explorer and try the /me endpoint I get my e-mail. If I try the same e-mail in verify application it doesn't work.

alfador1 commented 3 years ago

If you want, I can show you the issue live.

timja commented 3 years ago

Right it may not work for a guest to configure it.

That's likely enough for me to reproduce it

timja commented 3 years ago

I found a way to get to the users object ID and verified that works.

should be released soon, PR at https://github.com/jenkinsci/azure-ad-plugin/pull/165

alfador1 commented 3 years ago

Sadly the problem is still here in 184.v44f04b65bdd5. I can do "verify application" by object id of the user, but that's it. (I could do that before.) Can't use people picker for guest users @timja

timja commented 3 years ago

Anything in the logs?

the above fixed my guest user

Does it work for non guest users?

alfador1 commented 3 years ago

These are the logs, which are quite fun, cause I'm logged in as the user for which it says "Cannot find the user".

2021-09-30 10:09:26.225+0000 [id=88022] INFO    c.m.a.m.AcquireTokenByClientCredentialSupplier#execute: SkipCache set to false. Attempting cache lookup
2021-09-30 10:09:26.329+0000 [id=88022] INFO    c.a.c.util.logging.ClientLogger#performLogging: Azure Identity => getToken() result for scopes [https://graph.microsoft.com/.default]: SUCCESS
2021-09-30 10:09:26.449+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396Graph service exception Error code: Request_ResourceNotFound
2021-09-30 10:09:26.450+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396Error message: Resource 'denis.hristov@domain.com' does not exist or one of its queried reference-property objects are not present.
2021-09-30 10:09:26.450+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396
2021-09-30 10:09:26.451+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396GET https://graph.microsoft.com/v1.0/users/denis.hristov@domain.com
2021-09-30 10:09:26.451+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396SdkVersion : graph-java/v3.8.0
2021-09-30 10:09:26.452+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396
2021-09-30 10:09:26.452+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396
2021-09-30 10:09:26.453+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396404 : Not Found
2021-09-30 10:09:26.453+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396[...]
2021-09-30 10:09:26.454+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396
2021-09-30 10:09:26.454+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 396[Some information was truncated for brevity, enable debug logging for more details]
2021-09-30 10:09:26.454+0000 [id=4213]  SEVERE  c.m.graph.logger.DefaultLogger#logError: Throwable detail: com.microsoft.graph.http.GraphServiceException: Error code: Request_ResourceNotFound
Error message: Resource 'denis.hristov@domain.com' does not exist or one of its queried reference-property objects are not present.

GET https://graph.microsoft.com/v1.0/users/denis.hristov@domain.com
SdkVersion : graph-java/v3.8.0

404 : Not Found
[...]

timja commented 3 years ago

You sure you've upgraded (and restarted)? On the new version it should be looking you up by object id and not email address.

alfador1 commented 3 years ago

> You sure you've upgraded (and restarted)? on the new version it should be looking you up by object id and not email address

I will restart once again, just to be on the safe side

alfador1 commented 3 years ago

Just restarted - same thing unfortunately when I do verify application. Plugin version is:

image

alfador1 commented 3 years ago

Ok, people picker is working when I start typing the name, but the verify application is not. But at least we have the people picker :P

timja commented 3 years ago

What happens with verify application?

alfador1 commented 3 years ago

The error that I showed u on top. 404 not found. People picker is working when u start typing something. That is a huge improvement. You did a good job there

timja commented 3 years ago

Created a new issue ^^
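
The lookups discussed in this thread, as an added example that is not the plugin's code: `GET /users/{key}` accepts an object id or a userPrincipalName, and an invited guest's UPN is by default `<home address with @ replaced by _>#EXT#@<tenant domain>`, so the guest's e-mail address is not a valid key and returns 404. The `#EXT#` convention is not stated in the thread and is assumed here; the directory entries, domains and function names are constructed for illustration.

```python
import re
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample directory: one member and one invited guest.
DIRECTORY = [
    {"id": "11111111-1111-1111-1111-111111111111",
     "userPrincipalName": "member@tenant.example",
     "mail": "member@tenant.example", "userType": "Member"},
    {"id": "22222222-2222-2222-2222-222222222222",
     "userPrincipalName": "guest_partner.example#EXT#@tenant.example",
     "mail": "guest@partner.example", "userType": "Guest"},
]


def guest_upn(email, tenant_domain):
    """Default UPN given to an invited guest (assumed convention, admins can change it)."""
    return email.replace("@", "_") + "#EXT#@" + tenant_domain


def key_url(key):
    """URL for GET /users/{id | userPrincipalName}."""
    # '#' would start a URL fragment, so it has to be sent as %23.
    return f"{GRAPH}/users/{quote(key, safe='@')}"


def mail_filter_url(email):
    """URL for a lookup on the mail property instead of the key."""
    literal = email.replace("'", "''")  # OData escapes a quote by doubling it
    return f"{GRAPH}/users?$filter=" + quote(f"mail eq '{literal}'", safe="'")


def get_by_key(key):
    """Offline model of GET /users/{key}: only id and UPN are keys, mail is not."""
    for user in DIRECTORY:
        if key.lower() in (user["id"].lower(), user["userPrincipalName"].lower()):
            return user
    return None  # the real service answers 404 Request_ResourceNotFound


def resolve(identifier):
    """Return (user, how): try the key first, then fall back to a mail filter."""
    user = get_by_key(identifier)
    if user:
        return user, "key"
    if "@" in identifier and not GUID_RE.fullmatch(identifier):
        for candidate in DIRECTORY:
            if (candidate["mail"] or "").lower() == identifier.lower():
                return candidate, "mail-filter"
    return None, "not-found"


if __name__ == "__main__":
    for ident in ("member@tenant.example", "guest@partner.example",
                  "22222222-2222-2222-2222-222222222222"):
        user, how = resolve(ident)
        print(ident, "->", how, user["userType"] if user else None)
    print(key_url(guest_upn("guest@partner.example", "tenant.example")))
    print(mail_filter_url("guest@partner.example"))
```

Storing the object id in the authorization matrix, as the "$DisplayName ($objectId)" form above does, avoids the dependency on either the e-mail address or the UPN.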