snok / django-auth-adfs

A Django authentication backend for Microsoft ADFS and AzureAD
http://django-auth-adfs.readthedocs.io/
BSD 2-Clause "Simplified" License

Issues with the implementation of azure_ad django_adfs : #324

Closed kostas2370 closed 5 months ago

kostas2370 commented 5 months ago

Hello guys, I have an issue with the AzureAD implementation in REST framework:

image

In the logs it says: django_auth_adfs Error decoding signature: Signature verification Failed.

The access token seems to work, because when I call https://graph.microsoft.com/v1.0/me/, I get my data right.

tim-schilling commented 5 months ago

You should review and share the logs. There is valuable information in them that will help you debug the integration.

kostas2370 commented 5 months ago

image

tim-schilling commented 5 months ago

Don't take screenshots of code and logs. You should copy / paste it and format it.

kostas2370 commented 5 months ago

monitor-risk-backend  | DEBUG 2024-01-11 11:43:25,099 django_auth_adfs Loading ID Provider configuration.
monitor-risk-backend  | INFO 2024-01-11 11:43:25,099 django_auth_adfs Trying to get OpenID Connect config from https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/v2.0/.well-known/openid-configuration?appid=2715750a-e292-488b-a2b7-df8dc29e18b7
monitor-risk-backend  | DEBUG 2024-01-11 11:43:25,637 django_auth_adfs Loading public key from certificate: MIIC8DCCAdigAwIBAgIQYVUSY5OjnZdBTlwI0sb4uzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDAxMDkxMDA0NTlaFw0yNzAxMDkxMDA0NTlaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5iaVbuknqayhFmi0TkRNhD9I8VnPnhSBzlweox8iy0xlVtchNb9KcsXpMjaB8ILQjNJ0t8+Jj9wRrkEnLOkeU8AA4d4PusG1rg7SGYIp8ct6FShKUo5lBGNjAFFqpNTof2DbPwKdm3w30Sj9zS9qaCSJxOR6REX+k3M5ZJVEmbvx2KllRqQp0Qs1GQjthezyMSN4wyZ7vd3HKmTWKNNUambVY6gqlOKYeCEiYBg2FUn6rvnJjmBSSs4nSR1YeqxnxY1XUEZqf6JqjZVi3+hrt30rKcaHprziHTJqQ+ipHLHsLqiV0iuPmQIF8UXKDxTge+FN2x8IqcWhvU3xXQfwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBenkvnyO12n00Y/A19jwx+4PBsNvnIyOaYG3aKw/MqWk0DjpAwmwNKpqUv1D9VK87VMp+VY2R6qUu6LzFqrtPjyRe/jk69zaWg5Xs9RYCS5oN9Bdbui/WIzxkVUZ7y4l3HDb4tIEms714dhiMfVjV0Gj8YPiQFIALK6zsZQoGUoop+JKVGRPjbLJNVTw4UYPFuyJcF8RRgr03lElsVRqUM6Zs+OjBZ74mLTWeJSVLrybhAih0D/m5BxIViglh9iuYwP8Fy45HyhBlOaDQ5G01tzHpp7WUs8IjHjZtuQyshdJa+Q0oXRjS0/YlkGJ3ANFl5+lwP6hMX/WlDZUTy6UEt
monitor-risk-backend  | INFO 2024-01-11 11:43:25,645 django_auth_adfs Loaded settings from ADFS server.
monitor-risk-backend  | INFO 2024-01-11 11:43:25,645 django_auth_adfs operating mode:         openid_connect
monitor-risk-backend  | INFO 2024-01-11 11:43:25,645 django_auth_adfs authorization endpoint: https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/oauth2/v2.0/authorize
monitor-risk-backend  | INFO 2024-01-11 11:43:25,645 django_auth_adfs token endpoint:         https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/oauth2/v2.0/token
monitor-risk-backend  | INFO 2024-01-11 11:43:25,645 django_auth_adfs end session endpoint:   https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/oauth2/v2.0/logout
monitor-risk-backend  | INFO 2024-01-11 11:43:25,646 django_auth_adfs issuer:                 https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/v2.0
monitor-risk-backend  | INFO 2024-01-11 11:43:25,646 django_auth_adfs msgraph endpoint:       graph.microsoft.com
monitor-risk-backend  | DEBUG 2024-01-11 11:43:25,646 django_auth_adfs Received access token: eyJ0eXAiOiJKV1QiLCJub25jZSI6IkNlS1h5M0NYU1RvbUtFTUlZX2gzcFhnd2VvQlZyRW5SeENRX2NjcXJzNnMiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.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.03IHbplfSP4Xe8pzrR8I4GEBdeMHmKi-d9s8rrMQcSU6P41Vg6IckWXi6yUNIqz4eVltSJj1UkMgTw1839FRtX24rzEvHFkx5m_7dUzTu8mW2lWbEOT1LJ03LTNSSud7BHU0ZDQcUAAbtltdo3L1_emYmOO0wB_lJ4_cMxZ0PkzppTOnTs87fBq6sZmgogKZw7j2wDj_1LozSLWwYr4MeRnBrbbC5MnPJiFKeSbGeZ6y5hw6GC6oEuJQ1ZWl7POoeR-0t6I8RotvNcj7Sg6t9NS6aLz4JS_DBZ61mAH_7KX8yujXBSzRVc8tKTaKq0J1840hwPfuqGRfTREDlqXjcQ  
monitor-risk-backend  | INFO 2024-01-11 11:43:25,649 django_auth_adfs Error decoding signature: Signature verification failed
monitor-risk-backend  | Unauthorized: /api/regulations/

tim-schilling commented 5 months ago

You could inspect what the various values are in the JWT that's being decoded to see what's wrong by temporarily setting verify_signature=False here: https://github.com/snok/django-auth-adfs/blob/master/django_auth_adfs%2Fbackend.py#L140

kostas2370 commented 5 months ago

The problem is in aud verification; I set it to False, and it worked fine. As audience I set my client_id. I do not know why it fails there..

tim-schilling commented 5 months ago

What value is AD providing in the token for aud? How does that compare to your settings value?

kostas2370 commented 5 months ago

image

I do not know why it has the Graph URL instead of my client ID...

kostas2370 commented 5 months ago

The issue was with the token our front end was sending us. We changed to the v2 token in front and back and it got fixed. Thank you for the support, Tim!!

tim-schilling commented 5 months ago

Glad to hear you figured it out.
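
The inspection step suggested earlier in the thread, as an added example that is not part of the thread or of django-auth-adfs: it decodes a token's header and claims without verifying the signature and reports why a backend configured with its own client ID and the v2.0 issuer would reject it. The tenant ID, client ID, tokens and function names are constructed for illustration.

```python
import base64
import json

# Microsoft Graph as a token audience: its resource URL or its well-known application ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def encode_segment(data):
    """Base64url-encode a dict as an unpadded JWT segment (used to build the samples)."""
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()


def decode_segment(segment):
    """Decode one unpadded base64url JWT segment to a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def diagnose(token, expected_aud, expected_iss):
    """Read header and claims WITHOUT verifying the signature. Diagnosis only:
    nothing decoded here may be used for an authentication decision."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    findings = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud in GRAPH_AUDIENCES:
        findings.append("aud is Microsoft Graph: token was requested for Graph, not this API")
    elif aud != expected_aud:
        findings.append(f"aud {aud!r} does not match configured audience {expected_aud!r}")
    if "nonce" in header:  # the token logged in this thread carries this header field too
        findings.append("header has a nonce: seen on Graph-bound tokens, which only Graph validates")
    if claims.get("iss") != expected_iss:
        findings.append(f"iss {claims.get('iss')!r} != {expected_iss!r} (ver={claims.get('ver')!r})")
    return findings


# Constructed sample values, not taken from the thread.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
V2_ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"
HEAD = {"typ": "JWT", "alg": "RS256", "kid": "constructed-key-id"}
V1_CLAIMS = {"aud": "https://graph.microsoft.com", "iss": f"https://sts.windows.net/{TENANT}/", "ver": "1.0"}

graph_token = ".".join([encode_segment({**HEAD, "nonce": "constructed"}), encode_segment(V1_CLAIMS), "c2ln"])
api_token = ".".join([encode_segment(HEAD), encode_segment({"aud": CLIENT_ID, "iss": V2_ISSUER, "ver": "2.0"}), "c2ln"])

if __name__ == "__main__":
    for name, tok in (("graph_token", graph_token), ("api_token", api_token)):
        print(name, diagnose(tok, CLIENT_ID, V2_ISSUER) or "claims match the backend configuration")
```

Signature verification stays enabled in the backend; this helper only explains a rejection after the fact.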