Closed dimkoug closed 3 years ago
Sounds like you haven't set it up right. Users are created on login.
my configuration setup
```python
AUTHENTICATION_BACKENDS = (
    'django_auth_adfs.backend.AdfsAccessTokenBackend',
    "django.contrib.auth.backends.ModelBackend",
)

AUTH_ADFS = {
    'AUDIENCE': client_id,
    'CLIENT_ID': client_id,
    'CLIENT_SECRET': cient_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': tenant_id,
    'RELYING_PARTY_ID': client_id,
}

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django_auth_adfs.middleware.LoginRequiredMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

AUTH_USER_MODEL = 'app.CustomUser'

LOGIN_URL = "django_auth_adfs:login"
LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = '/'

DEBUG = True

ALLOWED_HOSTS = ['127.0.0.1', 'localhost']
```
in the azure application as callback url i use
Please change your access token backend to AuthCodeBackend as seen here: https://django-auth-adfs.readthedocs.io/en/latest/install.html#setting-up-django
I'm suspecting the Azure AD docs tell you to use the wrong backend. I'll double check when I get on my computer.
from the console logs i get this log
```
django_auth_adfs Invalid issuer
Unauthorized: /oauth2/callback
```
Did you do what I wrote above?
Please enable debug logs (there's a guide on how to do that in the docs), and show the entire stack trace.
yes i changed it from the link from your message
the callback path that i use in the azure portal is
It's impossible for me to help you if you don't provide me with what I'm asking for.
the logs from the console
```
127.0.0.1 - - [31/Jan/2021 14:51:50] "GET / HTTP/1.1" 302 -
DEBUG 2021-01-31 14:51:50,427 django_auth_adfs Loading django_auth_adfs ID Provider configuration.
INFO 2021-01-31 14:51:50,427 django_auth_adfs Trying to get OpenID Connect config from https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/.well-known/openid-configuration?appid=6c31f100-f10e-4bb4-bc3a-8db3638ba721
DEBUG 2021-01-31 14:51:51,013 django_auth_adfs Loading public key from certificate:
DEBUG 2021-01-31 14:51:51,013 django_auth_adfs Loading public key from certificate:
INFO 2021-01-31 14:51:51,013 django_auth_adfs django_auth_adfs loaded settings from ADFS server.
INFO 2021-01-31 14:51:51,013 django_auth_adfs operating mode: openid_connect
INFO 2021-01-31 14:51:51,013 django_auth_adfs authorization endpoint: https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/oauth2/authorize
INFO 2021-01-31 14:51:51,013 django_auth_adfs token endpoint: https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/oauth2/token
INFO 2021-01-31 14:51:51,013 django_auth_adfs end session endpoint: https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/oauth2/logout
INFO 2021-01-31 14:51:51,013 django_auth_adfs issuer: https://sts.windows.net/583f3da6-fd9f-435b-8f9a-2227f4828edd/
127.0.0.1 - - [31/Jan/2021 14:51:51] "GET /oauth2/login?next=/ HTTP/1.1" 302 -
DEBUG 2021-01-31 14:52:15,035 django_auth_adfs Received authorization code:
DEBUG 2021-01-31 14:52:15,035 django_auth_adfs Getting access token at: https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/oauth2/token
DEBUG 2021-01-31 14:52:15,352 django_auth_adfs Received access token:
INFO 2021-01-31 14:52:15,352 django_auth_adfs Invalid issuer
Unauthorized: /oauth2/callback
127.0.0.1 - - [31/Jan/2021 14:52:15] "GET /oauth2/callback?code=&state=Lw%3d%3d&session_state=4b05e4dc-700d-40e6-86eb-42e24bd8b10a HTTP/1.1" 401 -
127.0.0.1 - - [31/Jan/2021 14:52:15] "GET /favicon.ico HTTP/1.1" 302 -
127.0.0.1 - - [31/Jan/2021 14:52:15] "GET /oauth2/login?next=/favicon.ico HTTP/1.1" 302 -
DEBUG 2021-01-31 14:52:16,237 django_auth_adfs Received authorization code:
DEBUG 2021-01-31 14:52:16,237 django_auth_adfs Getting access token at: https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/oauth2/token
DEBUG 2021-01-31 14:52:16,454 django_auth_adfs Received access token:
INFO 2021-01-31 14:52:16,454 django_auth_adfs Invalid issuer
Unauthorized: /oauth2/callback
127.0.0.1 - - [31/Jan/2021 14:52:16] "GET /oauth2/callback?code=&state=L2Zhdmljb24uaWNv&session_state=4b05e4dc-700d-40e6-86eb-42e24bd8b10a HTTP/1.1" 401 -
```
Hi, sorry for the delayed response. I couldn't find anything wrong for a while.
Can you go to this site:
Click into Manifest and change `accessTokenAcceptedVersion` to `null` or `1`:
Docs: https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#v10-and-v20
i did the change and i get this error
```
Forbidden: /oauth2/callback
127.0.0.1 - - [02/Feb/2021 09:42:22] "GET /oauth2/callback?code=&session_state=HTTP/1.1" 403 -
127.0.0.1 - - [02/Feb/2021 09:42:23] "GET /favicon.ico HTTP/1.1" 302 -
127.0.0.1 - - [02/Feb/2021 09:42:23] "GET /oauth2/login?next=/favicon.ico HTTP/1.1" 302 -
DEBUG 2021-02-02 09:42:24,051 django_auth_adfs Received authorization code:
DEBUG 2021-02-02 09:42:24,051 django_auth_adfs Getting access token at: https://login.microsoftonline.com/583f3da6-fd9f-435b-8f9a-2227f4828edd/oauth2/token
DEBUG 2021-02-02 09:42:24,269 django_auth_adfs Received access token:
DEBUG 2021-02-02 09:42:24,417 django_auth_adfs Attribute 'first_name' for user ' useremail' was set to 'name'.
DEBUG 2021-02-02 09:42:24,417 django_auth_adfs Attribute 'last_name' for user 'useremail' was set to 'surname'.
DEBUG 2021-02-02 09:42:24,417 django_auth_adfs Attribute 'email' for user 'useremail' was set to 'useremail'.
DEBUG 2021-02-02 09:42:24,464 django_auth_adfs The configured groups claim 'roles' was not found in the access token
DEBUG 2021-02-02 09:42:24,464 django_auth_adfs The configured group claim was not found in the access token
Forbidden: /oauth2/callback
127.0.0.1 - - [02/Feb/2021 09:42:24] "GET /oauth2/callback?code= HTTP/1.1" 403 -
```
Now the token is validated and OK, the user is created.
Can you post your entire `settings.py`, or e-mail it to me on jonas-ks@hotmail.com?
i send it with email
Please delete all `access_token`s and `code=..` from this issue.
For googlers: Changing `accessTokenAcceptedVersion` solved the issue as we can see in the logs above. The errors he gets now are related to his custom user model.
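The "Invalid issuer" failure in the logs above can be checked offline from a token's claims. The following is an added example, not code from django-auth-adfs or from anyone in this thread; it assumes the standard Azure AD issuer formats for v1 and v2 access tokens, and the all-zero tenant ID and the `_make_token` helper are constructed for illustration. It does not verify signatures and is for diagnostics only.

```python
import base64
import json

# Issuer formats Azure AD puts in the `iss` claim for each access token version.
V1_ISSUER = "https://sts.windows.net/{tenant}/"
V2_ISSUER = "https://login.microsoftonline.com/{tenant}/v2.0"


def decode_claims(jwt_token):
    """Return the JWT payload as a dict WITHOUT verifying the signature."""
    payload_b64 = jwt_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def diagnose_issuer(jwt_token, expected_issuer):
    """Explain why a token's `iss` would pass or fail an exact issuer comparison."""
    claims = decode_claims(jwt_token)
    iss, ver, tid = claims.get("iss"), claims.get("ver"), claims.get("tid", "")
    if iss == expected_issuer:
        return "ok"
    if ver == "2.0" and expected_issuer == V1_ISSUER.format(tenant=tid):
        # The case in this thread: the app manifest issues v2 tokens while the
        # relying party is configured with the v1 (sts.windows.net) issuer.
        return "v2 token, v1 issuer expected: set accessTokenAcceptedVersion to null or 1"
    return f"issuer mismatch: token iss={iss!r}, expected {expected_issuer!r}"


def _make_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    expected = V1_ISSUER.format(tenant=tenant)
    v1 = _make_token({"iss": expected, "ver": "1.0", "tid": tenant})
    v2 = _make_token({"iss": V2_ISSUER.format(tenant=tenant), "ver": "2.0", "tid": tenant})
    print("v1 token:", diagnose_issuer(v1, expected))
    print("v2 token:", diagnose_issuer(v2, expected))
```

Run it against a locally saved token and post only the `iss` and `ver` values, never the token itself.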
Hi JonasKs & dimkoug, I am getting the same issue, and I changed the accessTokenAcceptedVersion as you mentioned. But still, I am getting a 401 Unauthorized message. I am not using any custom user model as well. Can you please help?
```
[13/Mar/2021 10:37:54] "GET /outh HTTP/1.1" 404 2060
[13/Mar/2021 10:38:03] "GET /oauth2/login HTTP/1.1" 302 0
Unauthorized: /oauth2/callback
[13/Mar/2021 10:38:17] "GET /oauth2/callback?code=0
```
Send me your entire settings.py file on email and let me know if you're using ADFS or Azure AD.
I will probably not be able to test out your settings this weekend, but I'll look over them.
Also check the docs on how to enable debug logs, and send me the entire log trace back.
The reason I want this on mail is because I don't want sensitive information posted here (such as client secret and your access token), but if you're able to decode your JWT token and clean out your settings.py, you can post here. 😊 Mail is safest, though.
Okay, sent an email.
Documentation doesn't have adding the AuthCodeBackend in it. Adding that fixed his issue.
I'll try to correct this ASAP.
Create your own issue, with full trace back, debug logs etc. See the documentation
> Hi, sorry for the delayed response. I couldn't find anything wrong for a while.
> Can you go to this site:
> Click into Manifest and change `accessTokenAcceptedVersion` to `null` or `1`:
> Docs: https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#v10-and-v20
Updating manifest and changing accessTokenAcceptedVersion to null was an effective fix for me. I had manually changed my accessTokenAcceptedVersion to version 2 as per these guidelines https://learn.microsoft.com/en-us/office/dev/add-ins/develop/create-sso-office-add-ins-nodejs when trying to develop an Excel add-in with SSO that connects to my Django REST framework API.
When I log in via ADFS and the user does not exist in the Django users table I get login failed. Also, in my project I use a custom User model.
How do I log in the user with ADFS and, if the user does not exist, create them?