microsoft / BotFramework-WebChat

A highly-customizable web-based client for Azure Bot Services.
https://www.botframework.com/
MIT License

WebChat SSO Enterprise returns Bad Request from token.botframework using ITSM skill #3112

Closed Lippy1m1 closed 4 years ago

Lippy1m1 commented 4 years ago

When attempting to sign into the ServiceNow instance using SSO Enterprise webchat, after authenticating it returns a request and doesn't allow me to interact with the skill using those credentials.

Screenshots

image

Version

I am using the SSO Enterprise example 7. Advanced Web Chat apps and b. sso-for-enterprise.

To determine what version of Web Chat you are running, open your browser's development tools, and paste the following line of code into the console.

[].map.call(document.head.querySelectorAll('meta[name^="botframework-"]'), function (meta) { return meta.outerHTML; }).join('\n')

If you are using Web Chat outside of a browser, please specify your hosting environment. For example, React Native on iOS, Cordova on Android, SharePoint, PowerApps, etc.

Describe the bug

Steps to reproduce

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

I should be able to use the ServiceNow credentials for the SSO enterprise to authenticate to the ITSM skill.

Additional context

[Bug]

tonyanziano commented 4 years ago

@compulim can you please take a look at this issue? Thanks.

compulim commented 4 years ago

Need to find someone from service team. Maybe because our token service doesn't play nice with ServiceNow. The OAuth token exchange is being done on the token service.

Lippy1m1 commented 4 years ago

Any update on this by chance?

cleemullins commented 4 years ago

@swagatmishra2007 Please address immediately.

swagatmishra2007 commented 4 years ago

Apologies, I didn't see this earlier. @Lippy1m1 I am assuming that you are able to sign into ServiceNow via webchat, and SSO on the skill does not work and the skill is unable to sign in via SSO? What I don't understand is why there is a request to token.botframework.com in there. Can you describe a bit about your setup? I am not very familiar with ServiceNow, but does it use AAD underneath? Currently, we support only AADV2 connections for SSO, so any other type of token exchange request will be rejected.

Lippy1m1 commented 4 years ago

So ServiceNow's authentication mechanism is Generic OAuth V2, which works with the BotFramework, but when I tried to add a button on the SSO example for it, I get the screenshot you see above.

I am attempting to have the ability to sign into ServiceNow via Webchat such that they don't have to copy and paste the token into the bot to interact with ServiceNow. Another solution would be to somehow pass the authentication between the ServiceNow portal where the bot is launched from so that the webchat already recognizes that previous authentication.

swagatmishra2007 commented 4 years ago

That does not seem like a supported scenario for SSO via BotFramework. Currently, we only support the AAD V2 provider for SSO. Your second solution might be something you can do, if you can find a way to provide the token to webchat via a middleware. The current SSO sample does something similar, where the AAD V2 token from the hosting website is accessed by webchat, but that is for AAD V2 only and uses MSAL.
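
The workaround described in the last comment, where the hosting page hands a token it already holds to Web Chat through a store middleware, as an added example that is not code from this thread or from the Web Chat samples. The event name `hostpage/token`, the `allowedConnections` list and the synchronous `getHostToken` callback are assumptions; the bot or skill must be written to accept that event and validate the token it carries.

```javascript
// Added example: middleware in the `store => next => action` shape that Web Chat's createStore() accepts.
const OAUTH_CARD = 'application/vnd.microsoft.card.oauth';

// Hypothetical event name (assumption); the bot or skill has to handle it explicitly.
const HANDOFF_EVENT = 'hostpage/token';

function createTokenHandoffMiddleware({ allowedConnections, getHostToken }) {
  const handled = new Set(); // activity ids already answered, so a replayed card does not resend the token

  return ({ dispatch }) => next => action => {
    if (action.type === 'DIRECT_LINE/INCOMING_ACTIVITY') {
      const activity = action.payload.activity;
      const card = (activity.attachments || []).find(a => a.contentType === OAUTH_CARD);
      const connectionName = card && card.content && card.content.connectionName;

      // Release the token only for bot-sent OAuth cards naming a connection the host page trusts.
      if (
        connectionName &&
        activity.from && activity.from.role === 'bot' &&
        allowedConnections.includes(connectionName) &&
        !handled.has(activity.id)
      ) {
        const token = getHostToken(connectionName); // assumption: host page returns its token or null
        if (token) {
          handled.add(activity.id);
          dispatch({
            type: 'WEB_CHAT/SEND_EVENT',
            payload: { name: HANDOFF_EVENT, value: { connectionName, token } }
          });
        }
      }
    }
    return next(action);
  };
}
```

The allowlist and the role check keep the page from releasing its token in response to a card for an unexpected connection or to an activity that did not come from the bot.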