Hello,
Thank you for your great work.
Everything is working as it should be - except with accounts that have MFA enabled,
I am getting this error:
rlm_perl: oauth2 authenticate
(17) oauth2_perl: EXPAND realm[].oauth2.client_id
(17) oauth2_perl: --> realm[].oauth2.client_id
(17) oauth2_perl: EXPAND %{config:realm[].oauth2.client_id}
(17) oauth2_perl: --> ....
(17) oauth2_perl: EXPAND realm[].oauth2.client_secret
(17) oauth2_perl: --> realm[].oauth2.client_secret
(17) oauth2_perl: EXPAND %{config:realm[].oauth2.client_secret}
(17) oauth2_perl: --> .....
rlm_perl: oauth2 token
rlm_perl: oauth2 token failed: 400 Bad Request
(17) oauth2_perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x851f448ab20001c86c51854d7abac511'
(17) oauth2_perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.0.0.4'
(17) oauth2_perl: &request:OAuth2-Group += $RAD_REQUEST{'OAuth2-Group'} -> '....'
(17) oauth2_perl: &request:OAuth2-Group += $RAD_REQUEST{'OAuth2-Group'} -> '.....'
(17) oauth2_perl: &request:OAuth2-Group += $RAD_REQUEST{'OAuth2-Group'} -> '....'
(17) oauth2_perl: &request:OAuth2-Group += $RAD_REQUEST{'OAuth2-Group'} -> '.....'
(17) oauth2_perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> '.....'
(17) oauth2_perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'test@....'
(17) oauth2_perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '0'
(17) oauth2_perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> '.....'
(17) oauth2_perl: &request:Realm = $RAD_REQUEST{'Realm'} -> '.....'
(17) oauth2_perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Mar 24 2023 07:22:10 UTC'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'Error: invalid_grant'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'Trace ID: 721415c2-5b50-4185-8af7-76124bda1900'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'Correlation ID: ced3a7a9-44c3-4e0e-a51c-27ff6bf56451'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'Timestamp: 2023-03-24 07:22:11Z'
(17) oauth2_perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'oauth2'
(17) oauth2_perl: &control:OAuth2-Password-Last-Modified = $RAD_CHECK{'OAuth2-Password-Last-Modified'} -> 'Mar 24 2023 07:20:59 UTC'
(17) [oauth2_perl] = reject
(17) } # policy oauth2.authenticate = reject
(17) } # Auth-Type oauth2 = reject
(17) Failed to authenticate the user
Any idea how I can fix that?
I managed to fix it by bypassing all requests coming from the app in my conditional access rule.
As you have just done it, can you double-check and/or improve the notes on #12 (comment)? (Also, a non-dark-theme screenshot would be great.)
Thanks
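A triage sketch for the failure reported in this issue, added here as an example and not part of the thread or of the project's code: it groups FreeRADIUS debug lines by request number and separates rejects where the identity provider demanded MFA (AADSTS50076) from bad-password rejects, so the two are not counted together when alerting on failed logins. The function name, class labels, users and sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Microsoft Entra ID (Azure AD) sign-in error codes worth separating in triage.
AADSTS_CLASSES = {
    "50076": "mfa_required", "50079": "mfa_enrollment_required",
    "50126": "bad_credentials", "53003": "blocked_by_conditional_access",
}
LINE = re.compile(r"^\((\d+)\)\s+(.*)$")
ATTR = re.compile(r"&(request|reply):([\w-]+) \+?= \$RAD_\w+\{'[^']+'\} -> '(.*)'$")

# Constructed sample in the shape of the debug output quoted in the issue.
SAMPLE_LOG = """\
(17) oauth2_perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'alice@example.org'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'AADSTS50076: ... you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.'
(17) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'Correlation ID: 00000000-0000-0000-0000-000000000001'
(17) [oauth2_perl] = reject
(18) oauth2_perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'bob@example.org'
(18) oauth2_perl: &reply:Reply-Message += $RAD_REPLY{'Reply-Message'} -> 'AADSTS50126: Error validating credentials due to invalid username or password.'
(18) [oauth2_perl] = reject
(19) oauth2_perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'carol@example.org'
(19) [oauth2_perl] = ok
"""

def triage_rejects(log_text):
    # One record per rejected request: user, AADSTS code, class, correlation ID.
    reqs = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a "(N)" request prefix carry no request id
        req, body = reqs[int(m.group(1))], m.group(2)
        if body == "[oauth2_perl] = reject":
            req["rejected"] = True
        a = ATTR.search(body)
        lst, name, value = a.groups() if a else (None, None, "")
        if (lst, name) == ("request", "User-Name"):
            req["user"] = value
        elif (lst, name) == ("reply", "Reply-Message"):
            if value.startswith("AADSTS"):
                req["code"] = value[6:].split(":", 1)[0]
            elif value.startswith("Correlation ID: "):
                req["correlation_id"] = value.split(": ", 1)[1]
    return [
        {"request": n, "user": r.get("user"), "code": r.get("code"),
         "class": AADSTS_CLASSES.get(r.get("code"), "other"),
         "correlation_id": r.get("correlation_id")}
        for n, r in sorted(reqs.items()) if r.get("rejected")
    ]
```

The correlation ID in each record is the value to search for in the tenant's sign-in logs when checking which Conditional Access policy produced the reject.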