snok / django-auth-adfs

A Django authentication backend for Microsoft ADFS and AzureAD
http://django-auth-adfs.readthedocs.io/
BSD 2-Clause "Simplified" License

Django Azure ADFS Issue #249

Closed sambuca231 closed 1 year ago

sambuca231 commented 1 year ago

Hi,

I'm facing issues with the ADFS Django functionality. Can someone help?

LOG:

django_auth_adfs loaded settings from ADFS server.
operating mode: openid_connect
authorization endpoint: [https://login.microsoftonline.com/xxx
token endpoint: [https://login.microsoftonline.com/xxx/oauth2/token]
end session endpoint: [https://login.microsoftonline.com/xxx/oauth2/logout]
issuer: https://sts.windows.net/xxx/
django_auth_adfs authentication backend was called but no authorization code was received

settings.py:

AUTH_ADFS = {
    'AUDIENCE': client_id,
    'CLIENT_ID': client_id,
    'RELYING_PARTY_ID': client_id,
    'CLIENT_SECRET': client_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': tenant_id,
    'LOGIN_EXEMPT_URLS': ["api/", "public/"],
    'VERSION': 'v1.0'
}

JonasKs commented 1 year ago

Please read the troubleshooting section.

sambuca231 commented 1 year ago

That was not really helpful... anyway, I found maybe a point. Concerning the LOG, the issuer is: https://sts.windows.net/xxx/

But within Azure AD it is defined as follows: https://sts.windows.net/xxx/v2.0

How can I impact only the issuer with the additional required "/v2.0"?

Can you tell me?

Thank you

JonasKs commented 1 year ago

This is probably because your token is configured to a v2 instead of a v1.
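
One way to check the v1/v2 mismatch suggested above is to read the `ver` and `iss` claims of the token actually received and compare them with the issuer the backend logged. This is an added example, not part of the original thread or of django-auth-adfs; the function names are hypothetical, the sample token and tenant id are constructed, and the two issuer formats are the ones Microsoft documents for v1.0 and v2.0 tokens. The payload is decoded without signature verification, so it is for diagnosis only.

```python
import base64
import json

# Issuer formats Azure AD uses per token version ({tid} = tenant id).
ISSUER_BY_VERSION = {
    "1.0": "https://sts.windows.net/{tid}/",
    "2.0": "https://login.microsoftonline.com/{tid}/v2.0",
}


def unverified_claims(jwt_token):
    """Decode the JWT payload WITHOUT checking the signature (diagnostics only)."""
    parts = jwt_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose_issuer(jwt_token, tenant_id, expected_issuer):
    """Compare the token's 'ver'/'iss' claims with the issuer the backend expects."""
    claims = unverified_claims(jwt_token)
    ver, iss = claims.get("ver"), claims.get("iss")
    findings = []
    template = ISSUER_BY_VERSION.get(ver)
    if template is None:
        findings.append(f"unexpected 'ver' claim: {ver!r}")
    elif iss != template.format(tid=tenant_id):
        findings.append(f"'iss' {iss!r} does not match the v{ver} format for this tenant")
    if iss != expected_issuer:
        findings.append(f"token is v{ver} with issuer {iss!r}, backend expects {expected_issuer!r}")
    return {"ver": ver, "iss": iss, "ok": not findings, "findings": findings}


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    tid = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant id
    v2 = make_sample_token({"ver": "2.0", "iss": f"https://login.microsoftonline.com/{tid}/v2.0"})
    print(diagnose_issuer(v2, tid, expected_issuer=f"https://sts.windows.net/{tid}/"))
```

Pass the issuer value from the backend's startup log as `expected_issuer`; a finding here means the token version and the configured `VERSION` disagree.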

JonasKs commented 1 year ago

The troubleshooting section is for you to post proper logs to me, with error codes etc.

sondrelg commented 1 year ago

Closing from lack of response. Feel free to reopen 🙂