vinodhkumartandrothu / django_microsoft_sso

MIT License

Django Microsoft SSO not working (Azure SSO auth) and site cannot be reached at http://localhost:8000/microsoft_sso/callback/ #1

Open vinodhkumartandrothu opened 5 days ago

vinodhkumartandrothu commented 5 days ago

Django Microsoft SSO not working and site cannot be reached at http://localhost:8000/microsoft_sso/callback/?code=0.AW8Bdq0dh0K3-km8RSyHvV9bYkME2G7dNWhAp9xtpk9VIMlvAQA.AgABBAIAAAApTwJmzXqdR4BN2miheQMYAwDs_wUA9P_cCeWTUEuL_3GAxw2pLR3yopUhdJKxKur6SFer5Mbi4Uf8Z0HTxttwsJv8jeqy1zIe0xows6UVIgb_w1wOsjzuhiyUWHTQt-dbOE9ZEhZ5rf_spYcEMRyOmqxOZP3snDSqnfutGIae3xrHo9tRGIbigbCsvvcjWvHhg1ATPG5n4SAcpHWf65B7KraWrI-1L0ngrL9kWvh8f38I8EM0RKvGYHqS-KWR86pPKWXdcXFKdlkh4FRLrdS_VURknXDjaKh5q_kqXoCDnhfAnvteiyM5_lkdYKLAh3orD8rn1PIMv4Qf4B52MPTl33hv7-jVoq_93uf8l8HDhRrECvjU7LxjQZhPUPNEa50kZ56JasVp1Eg2oWfYqFCsxQSB5iHePRwsENSu8NUTFWFhRuWrfNXkw2xEAiHOZx8EpA0djNmaawBfxS0o3xJhRnn5kzFAYxj1mCUO9tLS63GYKQbZa_nQ8LacADanknRjVwJnelMHuSBrT8N3PP-wSB7pcvJtZJnGz5AheNg5yvi1hj-F0iK3It5WfPGRcy8mBkSDDjXOtJJKJov_s-PBTIF7_kW46jhhntlV3BSgv1G_lukt4PH8bzgWv_A9AbMC43JLIxoiEDJBIsOMn3XKlfgjAyB2-pgnlFf5zsiHqj64as7-IgRwcAMn9QYYy52qQqkiJQSnJ_27jmd-ipVikvtffE4k6QLl23-4sdNMH3RdsyztfJLTVI4n3fmiRB6L5bzu_srvu0gTl2kbw_Ch-zuX8m-DzxWQ16885oAG1Lk7B0LGXeIrGk-Wby_XAXx9XBFz7J0SA1REe4Byw_ZYXzqv3HeIEqJw9w3wNV8dxBc_W1wzfz0FqRCgyoeWRkAOZ7V6_HpheiDK8VUcpbN56axOICRxccVTH-Swy3MNEmtB1xemk3XBgvVmVOD3DMSaVn4LH7o0d8tcmNCnQt2k6-KOX_-mMFjNddZ3Le2y-FJmYP-6QKAb2LR_GWZ_5XlA0Kfqa2Abp0Sh2PtNCQG7C7FllFrvj0McElogGd2AFGi4jpmAzVy2l03CBBOVJ7L76fwHOSjy15BhbalHitzopbaTF4MaTLvWImEHiqipZavk3E0tfoMh2cZjuQHP9eNescB69Di9LzQeOsJHMcBZaytnvW3mXCYSQrOYJXgPx6oXUIjiu3EogMqmMXgexEtRzNs0XY5D09pgRYSob86ohiZiy5KKc_FoABHDU1s_KNa_woBEVgeV5374DeqMREXYwyRNKBELEhgz2zKLeBfPT8-dLbsbFL7a3GrobEawd48GVxmu0r-uA1D0z3alqIWboymWnqgRyxMmmtYe65QqfeDYW0ZaCfEMpWp4XyXic-lIzJbL6hKefGfxC7e3h-Y&client_info=eyJ1aWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtOWQ4YS05MGQ2MWQ0NzM4ZGEiLCJ1dGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIn0&state=18109584-3108-4050-9fcf-4aea13f3d828&session_state=139d2609-f5f0-4a82-b96b-599f4f350aff#

As you can see in the screenshot below, the Django page is not redirecting after the SSO authentication.

Screenshot 2024-09-14 at 2 00 35 PM

I have referred to the links below and followed the guidelines.

  1. https://pypi.org/project/django-microsoft-sso/
  2. https://megalus.github.io/django-microsoft-sso/callback/

Could you guide me to any proper docs to set this up correctly, or tell me which config needs to be checked on the Microsoft Azure account side (maybe in Entra ID)? Everywhere I can see only the Redirect URI in Azure, but the other settings are not explained properly. As I mentioned, I referred to the links above, which were not helpful. I am not sure where it's going wrong. Please guide me on this. Thanks.

Refer to the files which are required for review:

Any ideas, @chrismaille @darqs1 @darkjonas88 @illgitthat? Your input would also help a lot.

chrismaille commented 3 days ago

Hi @vinodhkumartandrothu , thanks for the contact. I can't really help in forked projects, but feel free to open an issue on the original project. With this said, looking at the screenshot it seems to suggest Django is not responding on http://localhost:8000 - can I suggest a further investigation under your project console logs?

Maybe this can help you: https://github.com/megalus/django-google-sso/issues/37#issuecomment-2168325534

darkjonas88 commented 3 days ago

@vinodhkumartandrothu Maybe 2 good things to look at: what @chrismaille said, but also, can you double check your URL file? Does it look like this?

path("microsoft_sso/", include("django_microsoft_sso.urls", namespace="django_microsoft_sso")),

Also double check that port 8000 is the port you're using for your Django application.

vinodhkumartandrothu commented 2 days ago

Thank you for your response

Logs:

Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (2 silenced).
September 17, 2024 - 06:39:07
Django version 5.1.1, using settings 'example_microsoft_app.settings'
Starting development server at http://localhost:8000/
Quit the server with CONTROL-C.

[17/Sep/2024 06:46:47] "GET /admin HTTP/1.1" 301 0
[17/Sep/2024 06:46:47] "GET /admin/ HTTP/1.1" 302 0
[17/Sep/2024 06:46:47] "GET /admin/login/?next=/admin/ HTTP/1.1" 200 6277
[17/Sep/2024 06:46:47] "GET /static/admin/css/dark_mode.css HTTP/1.1" 200 2804
[17/Sep/2024 06:46:47] "GET /static/admin/css/login.css HTTP/1.1" 200 951
[17/Sep/2024 06:46:47] "GET /static/admin/css/base.css HTTP/1.1" 200 22092
[17/Sep/2024 06:46:47] "GET /static/django_microsoft_sso/microsoft_button.css HTTP/1.1" 200 2283
[17/Sep/2024 06:46:47] "GET /static/django_google_sso/google_button.css HTTP/1.1" 200 1195
[17/Sep/2024 06:46:47] "GET /static/admin/css/nav_sidebar.css HTTP/1.1" 200 2810
[17/Sep/2024 06:46:47] "GET /static/admin/js/theme.js HTTP/1.1" 200 1653
[17/Sep/2024 06:46:47] "GET /static/admin/css/responsive.css HTTP/1.1" 200 17972
[17/Sep/2024 06:46:47] "GET /static/admin/js/nav_sidebar.js HTTP/1.1" 200 3063
2024-09-17 06:46:48.922 | DEBUG    | django_microsoft_sso.main:get_netloc:40 - Find Netloc using MICROSOFT_SSO_CALLBACK_DOMAIN
2024-09-17 06:46:48.923 | DEBUG    | django_microsoft_sso.main:get_redirect_uri:55 - Callback URI: http://localhost:8000/microsoft_sso/callback/
[17/Sep/2024 06:46:48] "GET /microsoft_sso/login/?next=/admin/ HTTP/1.1" 302 0
2024-09-17 06:47:07.436 | DEBUG    | backend:pre_create_callback:54 - Microsoft Graph API response: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users/$entity', 'businessPhones': [], 'displayName': 'Vinodh K', 'givenName': 'Vinodh', 'jobTitle': None, 'mail': None, 'mobilePhone': None, 'officeLocation': None, 'preferredLanguage': 'en', 'surname': 'K', 'userPrincipalName': 'vinodhdlegend_gmail.com#EXT#@vinodhdlegendgmail.onmicrosoft.com', 'id': '269fdab1-f518-4b46-8a78-b575936258f2', 'email_verified': False}
2024-09-17 06:47:07.446 | DEBUG    | backend:pre_create_callback:71 - Creating new user with username: vinodhdlegend_gmail.com#EXT#_269fdab1f5184b468a78b575936258f2
2024-09-17 06:47:07.446 | DEBUG    | backend:pre_create_callback:73 - Creating user with username: vinodhdlegend_gmail.com#EXT#_269fdab1f5184b468a78b575936258f2
2024-09-17 06:47:07.611 | DEBUG    | backend:pre_create_callback:83 - Organization Info: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#organization', 'value': [{'id': '871dad76-b742-49fa-bc45-2c87bd5f5b62', 'deletedDateTime': None, 'businessPhones': [], 'city': None, 'country': None, 'countryLetterCode': 'US', 'createdDateTime': '2024-09-13T02:06:06Z', 'defaultUsageLocation': None, 'displayName': 'Default Directory', 'isMultipleDataLocationsForServicesEnabled': None, 'marketingNotificationEmails': [], 'onPremisesLastSyncDateTime': None, 'onPremisesSyncEnabled': None, 'partnerTenantType': None, 'postalCode': None, 'preferredLanguage': 'en', 'securityComplianceNotificationMails': [], 'securityComplianceNotificationPhones': [], 'state': None, 'street': None, 'technicalNotificationMails': ['vinodhdlegend@gmail.com'], 'tenantType': 'AAD', 'directorySizeQuota': {'used': 38, 'total': 50000}, 'privacyProfile': None, 'assignedPlans': [], 'onPremisesSyncStatus': [], 'provisionedPlans': [], 'verifiedDomains': [{'capabilities': 'Email, OfficeCommunicationsOnline', 'isDefault': True, 'isInitial': True, 'name': 'vinodhdlegendgmail.onmicrosoft.com', 'type': 'Managed'}]}]}
[17/Sep/2024 06:47:07] "GET /microsoft_sso/callback/?code=0.AW8Bdq0dh0K3-km8RSyHvV9bYkME2G7dNWhAp9xtpk9VIMlvAQA.AgABBAIAAAApTwJmzXqdR4BN2miheQMYAwDs_wUA9P_07xhJhktIq_iuApV9Bo_oyZkWCofvpakZVlhQsIomCumG_H0vr9zWfRjBZqrRqiWVzJCZxfYXFql5JY7t-wEirmjW6XntY6ZxC3ttUOfE5GD5Wph-GEJwsg_oonib4T953sxRs4IduUYy2eTjd-RvnAkI26a-CL16VdfZQCSLFCBK7klO92lsaHVhNSYlztcFHWXpdLvPlQ9Zr3Y1cyTf3GoVDdNwxcfy6TLwIUtKT7HodMYZ8UGK1eRhBDMKHAXegqp8IZSOzo5f5cFSbI_OJ-z4rcPabW2PxZS-MQqnXG5uMpkYDlDxpMhaUWedsFI0zpBqLqCTk2ZRt4LTHdWowwVpC7r9b1jDvTHcuRM_ugz8TTrb5byY_NaGF1wu3eE458EDpfNgJdSU1KbPVinTPjMQXaglqnS0kungGRUATTOTe4A3z8u4Pg3qDW_fheRE4yeiqdXincEKGoAKPEO3Q6h2TG06kaCbp4wzQuQLVQScCzpqLSvaGFe5hobRYcVwVZE5NvApP7EBYYhGPGQoL8j0YycV7G7OAsP7Svcgd5geMZpNTnDQx_UsXYJuKUbV-oqRIeDytwXGLNu87lijjUHRQfAmmqJZc30Q7jHXTy1XhDeEjA11iQ41cdQTaEFAo__mJWZuHHLVIH0edFcLVuK1s2XJY83qczFaDnfCmIDyqjF1ZwnsgfCw55kf7ygOz4bGhdTjrUlQryGnhoea3atHTY1qqoqN8TD8c9hguE6w_TdVINNhjn6NFqSXKLukKXELlNlJJWdYr68AmjP80hFgkESDQhQDF-A0gDrJ5NFwfCBCpUqjd9LhzHQfd-j_a9ulAu_-trJyWwHN0WdsGm0xjSpfsAOYJDzNFsRUDHCz7haYECYIREd40isKZ1BfWJ6WaRdmIKJIRnLTp7BDX5yihuUuC7O-CqVrYmwAIT4Qje3Yy0MMnHCI9EF3b9VAi4Ei7FQ0C2MYqhK6vws_O4e54sekGT9zEQYxnoVA-n_OBTqSLrpxfYr4prYaHhPRz8A1lfIpGPhhW08BT8kLzsj5_ON1nBPvLWrbz7QEgZYxpu3g6SGWWzeRx_XNquwyv4NLr-WE7IiQ-APXInFdDHanvAdmThpzmkBDHSgsnb1BJa0i85Nrhk5dMr3BibA0k7LQVGblWcbhKrkDW6LuZvwy4Bj8vilL7jnlxpSBbA4qG7Do8aXJpKMGNVB6cx_LWY54XiHhPNvIpHbM4Djgi3irMTUPx17dZhcxT_VYhAjdwYds-2ZcwAPZHmRRGSgH6Tk-yikQz7IaRZxyFxfbiOz_aeYWvhppHhpNMBr2hOoLkU9zwT215A8PU9ojJNGJUtdh_4PyH4eCXg0dWN1lyZAW&client_info=eyJ1aWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtOWQ4YS05MGQ2MWQ0NzM4ZGEiLCJ1dGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIn0&state=0c3359ce-820d-487b-8c62-cf0426442785&session_state=6ecc01fa-f0f4-4075-b58e-b19af3a9a42f HTTP/1.1" 302 0
[17/Sep/2024 06:47:07] "GET /admin/ HTTP/1.1" 302 0
[17/Sep/2024 06:47:07] "GET /admin/login/?next=/admin/ HTTP/1.1" 200 6426
[17/Sep/2024 06:47:07] "GET /static/admin/img/icon-yes.svg HTTP/1.1" 200 436

@chrismaille - The server is running on http://localhost:8000, and I will create an issue under the original repo. Please see the logs above and please help me out.

I've set MICROSOFT_SSO_AUTO_CREATE_USERS = False in my settings.py file because I already have an existing user database, and I do not want the system to automatically create new users.

However, when I attempt to log in with these existing users, one of the following happens: I am redirected back to the admin login page (looping without successful login) or I receive a "Site cannot be reached" error.

Maybe this can help you: https://github.com/megalus/django-google-sso/issues/37#issuecomment-2168325534

I already added MICROSOFT_SSO_ALLOWABLE_DOMAINS=["outlook.com","dailyplanet.com","gmail.com"] to my settings.py.

vinodhkumartandrothu commented 2 days ago

@darkjonas88 - Thank you for your response.

My server is running on port 8000. Please see the logs and the description above.

Yes, the mentioned URL is the same in my urls.py file.

path( "microsoft_sso/", include("django_microsoft_sso.urls", namespace="django_microsoft_sso"), ),

darkjonas88 commented 2 days ago

@vinodhkumartandrothu The looping into the admin page is most likely because, to enter the Django Admin page, your user needs to be flagged as Staff. Use this in your settings for now: MICROSOFT_SSO_STAFF_LIST = ["*"]. Regarding the "site cannot be reached" error, it is very hard to track because your log doesn't show the exact errors at this point. Maybe @chrismaille will have an idea.

vinodhkumartandrothu commented 1 day ago

Hi @darkjonas88. In our user database, we have superusers, staff users, and regular users. While any user should be able to log in using the SSO button, only staff users or superusers have access to the Django Admin page. We cannot flag all users as staff. Each user's access to the admin page should be based on their existing roles within our system.

Therefore, we need to ensure that the SSO login respects these roles and doesn't automatically grant admin access to users without staff or superuser privileges.
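
The redirect loop visible in the logs posted earlier in this thread (the callback returns 302, then `/admin/` itself answers 302 and the login page is served again) can be checked mechanically, and the OAuth query values can be masked before a log is shared. This is an added example, not code from the thread or from django-microsoft-sso; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# OAuth callback parameters that should not be pasted into a public issue.
SENSITIVE = {"code", "client_info", "state", "session_state"}
# Django runserver access line: [date] "METHOD target HTTP/x" status size
ACCESS = re.compile(r'^\[[^\]]+\] "[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

# Constructed sample lines in the format shown in the thread; values are placeholders.
SAMPLE = [
    '[17/Sep/2024 06:46:48] "GET /microsoft_sso/login/?next=/admin/ HTTP/1.1" 302 0',
    '[17/Sep/2024 06:47:07] "GET /microsoft_sso/callback/?code=EXAMPLE-CODE'
    '&client_info=EXAMPLE-INFO&state=EXAMPLE-STATE HTTP/1.1" 302 0',
    '[17/Sep/2024 06:47:07] "GET /admin/ HTTP/1.1" 302 0',
    '[17/Sep/2024 06:47:07] "GET /admin/login/?next=/admin/ HTTP/1.1" 200 6426',
]

def redact_target(target):
    """Mask sensitive query values in a request target, keeping the keys."""
    parts = urlsplit(target)
    if not parts.query:
        return target
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path + "?" + urlencode(pairs, safe="/")

def parse(lines):
    """Yield (path, status, redacted_target) for access lines; skip everything else."""
    for line in lines:
        m = ACCESS.match(line)
        if m:
            target = m["target"]
            yield urlsplit(target).path, int(m["status"]), redact_target(target)

def find_login_loop(lines, callback="/microsoft_sso/callback/", protected="/admin/"):
    """True when the callback redirect is followed at once by a redirect away
    from the protected page, i.e. the admin did not accept the new session."""
    reqs = list(parse(lines))
    for (path, status, _), (next_path, next_status, _) in zip(reqs, reqs[1:]):
        if (path, status) == (callback, 302) and (next_path, next_status) == (protected, 302):
            return True
    return False

if __name__ == "__main__":
    for _, status, target in parse(SAMPLE):
        print(status, target)
    print("login loop:", find_login_loop(SAMPLE))
```

A 302 on `/admin/` right after the callback means the admin site did not treat the request as coming from an active staff user, which is the condition discussed in the replies above.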