search

scottdurow / SparkleXrm

An open-source library for building Dynamics CRM XRM solutions using Script#, jQuery & Knockoutjs.
MIT License
266 stars 197 forks source link

MFA not working? #308

Open pritchie99 opened 5 years ago

pritchie99 commented 5 years ago

Hi - I am attempting to get started with deploying plugins to a new online dev environment that has multi-factor authentication enabled. However authentication fails with the following message. Can I check whether this should work? ( I can successfully connect to other online sites without this enabled)


Enter a CRM server name and port [crm.dynamics.com]: crm6.dynamics.com
Is this organization provisioned in Microsoft Office 365 (y/n) [y]: y

 Enter Username: PxxxXxxxxxxx@xxxxxxxxxx.gxxx.nz
 Enter Password: *********

The application terminated with an error.
Value cannot be null.
Parameter name: identityProvider
   at Microsoft.Xrm.Sdk.ClientExceptionHelper.ThrowIfNull(Object parameter, String name)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateOnlineFederationInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceConfiguration.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetProxy[TService,TProxy](Configuration currentConfig)
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetDiscoveryProxy()
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetOrganizationAddress()
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetServerConfiguration(Boolean ignoreLocalPrincipal)
   at SparkleXrmTask.Program.Run(CommandLineArgs arguments)
   at SparkleXrmTask.Program.Main(String[] args)
Error Code=1

The application fails when I respond O365=No. I am using spkl.1.0.233-beta.

pritchie99 commented 5 years ago

Also I get the following (different - more informative) result when reverting to the latest stable version. Any advice would be greatly appreciated.

Using 'C:\ClientCode\Xxxxxxxxxxxxxx\Plugins\ApplyValidationRules\packages\spkl.1.0.226\tools\spkl.exe'
spkl Task Runner v1.0.226.1     Tasks v1.0.226.1

(0) Add New Server Configuration (Maximum number up to 9)
<SNIP>

Specify the saved server configuration number (1-5) [5] : 0

Enter a CRM server name and port [crm.dynamics.com]: crm6.dynamics.com
Is this organization provisioned in Microsoft Office 365 (y/n) [y]: y

 Enter Username: PxxxXxxxxxxx@xxxxxxxxxx.gxxx.nz
 Enter Password: *********

The application terminated with an error.
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.Security.IWSTrustContract.Issue(Message message)
   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateTokenWithOrgIdForCrm(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateOnlineFederationInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceConfiguration.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetProxy[TService,TProxy](Configuration currentConfig)
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetDiscoveryProxy()
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetOrganizationAddress()
   at Microsoft.Crm.Sdk.Samples.ServerConnection.GetServerConfiguration(Boolean ignoreLocalPrincipal)
   at SparkleXrmTask.Program.Run(CommandLineArgs arguments)
   at SparkleXrmTask.Program.Main(String[] args)
Authentication Failure
scottdurow commented 5 years ago

spkl dos not support MFA at this time.

twiga2013 commented 5 years ago

Just checking if MFA is supported on spkl

cijoyfrancis commented 4 years ago

I am having the same issue. Scott, just wondering if spkl supports MFA now?

scottdurow commented 4 years ago

Using the latest beta (https://www.nuget.org/packages/spkl/1.0.375-beta) you should be able to get MFA logins working by supplying a connection string similar to:

unpack.bat "AuthType=OAuth;Url=https://org1234abc.crm4.dynamics.com;AppId=51f81489-12ee-4a9e-aaae-a2591f45987d;RedirectUri=app://58145B91-0C36-4500-8554-080854F2AC97;TokenCacheStorePath=C:\Users\<yourusername>\MyTokenCache;LoginPrompt=Auto"

The AppId and RedirectUri are the development ones provided at https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/xrm-tooling/use-connection-strings-xrm-tooling-connect

scottdurow commented 4 years ago

If you wanted to run spkl unattended in a CI build - you would register an application user and pass the applicationid and secret.

TclasenITVT commented 4 years ago

What needs to be done to get this moved out of Beta?

scottdurow commented 4 years ago

It seems that there is a regression in the latest beta that has MFA support - #366 Does anyone want to work on that?

cyus commented 4 years ago

Is it possible to apply Open SDK Login control on Sparkle? If possible then I will try to take it on. Or we are unable to invoke that since we are in the command? I will check online if this is possible. Thank you

cyus commented 4 years ago

My bad! It worked! Building the project overwrites the beta. I am surprised the IDS would be the same. Great stuff as always!