Identify the authentication type #74
Comments
If it can help, my claim identity string is:
Meaning (source):
As soon as I have time, I'll try to create a new app token and I'll do more tests :) Thanks
Hi, since you have SP 2019 and Azure AD, then ADFS credentials should be used. But, honestly, I don't know which parameters to use for
I have no such env (on-prem in hybrid mode with AAD) to check it out. I'd suggest that ADFS might work, but not sure. Maybe Azure AD auth is the way to go only. If it's a dev-only scenario, On-Demand will definitely work. For a prod service layer, a research or Azure AD auth for node.
Thanks for the reply. I asked my I/T contact about the ADFS URL, and he told me we don't use it… He said the sign-in URL is https://login.microsoftonline.com/TENANT-ID/saml2 and the Azure AD identifier is https://sts.windows.net/TENANT-ID/. I'm not sure what it means… I'm still trying different things, including Azure AD Auth. I'll post here my findings.
I'm working on a different approach and in parallel we have opened a ticket to Microsoft to get their support. For now I'll close this issue and I'll post here the solution I found. Thanks.
Here is an update: The Microsoft engineer suggested using your SharePoint on-premises add-in only authentication solution (BTW the guy said: « It is actually quite a nicely written guide (and correct as well) » 👍)… However this method needs to have access to the farm, which is not my case (I'm only a site collection admin), and I know my I/T won't help with that. Then I tried to mimic how the browser authenticates with the server and I ended up with 8 different requests, and many cookies to be passed through; and it worked! I'm able to retrieve a valid FedAuth cookie to use in my requests! I'll provide more details about my method on my wiki for anyone else who could face the same issue.
Wow! Great, glad it finally worked!
Hi,
My organization has just set up a SharePoint 2019 On-Premises (the farm is inside our company) that is a hybrid environment that uses Azure Active Directory (at least, it is what I understood).
When I try to go to https://tenant.my.org.com/sites/sandbox then I'm first redirected to https://login.microsoftonline.com/945c188a-83a2-4e80-9f8c-5a91be5752dd/wsfed?wa=wsignin1.0&wtrealm=urn%3aSharepoint%3afederation&wctx=https%3a%2f%2ftenant.my.org.com%2fsites%2fsandbox%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&wreply=https%3a%2f%2ftenant.my.org.com%2fsites%2fsandbox%2f_trust%2fdefault.aspx&sso_nonce=AQABAAAAAABeAFzDwllzTYGDLh_qYbH87qVvvwM4pLiqYXloFo6Il7_-ry9WsQiAA&client-request-id=8dacdcfb-c68f-4ec2-a3e7-7760cecf3699&mscrid=8dacdcfb-c86f-4ec2-a3e7-7760cecf3699 which will automatically authenticate me and redirect me to my website.
I'm an SCA for this SharePoint, and when I try to open https://tenant.my.org.com/sites/sandbox/_api/web in my browser, it works.
Next I tried to access it from Node…:
online:true, it returns:
relyingParty: 'urn:Sharepoint:federation' and adfsUrl:'https://login.microsoftonline.com', it returns:
Thoughts? I could ask questions to the I/T guy who set up this SharePoint, but what would be the good questions to ask him?
Thank you
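Added example (not part of the original issue and not node-sp-auth code): the sign-in redirect quoted above already names the federation protocol, the relying party and the tenant, which are the facts to confirm with whoever configured the farm. The helper `describeSignInRedirect` and the sample URL are assumptions, constructed from the redirect in the issue with a placeholder tenant and the nonce left out.

```javascript
// Added example: describeSignInRedirect is a hypothetical helper, not node-sp-auth code.
function describeSignInRedirect(redirectUrl) {
  const url = new URL(redirectUrl);
  const q = url.searchParams; // values come back percent-decoded once
  const segments = url.pathname.split('/').filter(Boolean);
  const result = {
    idpHost: url.hostname,
    tenant: null,
    protocol: 'unknown',
    relyingParty: null,
    replyUrl: null,
    returnContext: null,
    replyMatchesContext: null,
  };
  // Azure AD endpoints look like /<tenant>/<endpoint>, e.g. /<tenant>/wsfed.
  if (url.hostname === 'login.microsoftonline.com' && segments.length >= 2) {
    result.tenant = segments[0];
  }
  const endpoint = (segments[segments.length - 1] || '').toLowerCase();
  if (q.get('wa') === 'wsignin1.0') {
    // WS-Federation passive sign-in: wtrealm names the relying party.
    result.protocol = 'ws-federation';
    result.relyingParty = q.get('wtrealm');
    result.replyUrl = q.get('wreply');
    result.returnContext = q.get('wctx');
  } else if (endpoint === 'saml2' || q.has('SAMLRequest')) {
    result.protocol = 'saml2';
  }
  // Sanity check: the reply URL and the return context should share a host.
  if (result.replyUrl && result.returnContext) {
    try {
      result.replyMatchesContext =
        new URL(result.replyUrl).host === new URL(result.returnContext).host;
    } catch {
      result.replyMatchesContext = false; // wctx is opaque in general
    }
  }
  return result;
}

// Constructed sample modelled on the redirect in the issue (placeholder tenant, nonce omitted).
const SAMPLE_REDIRECT =
  'https://login.microsoftonline.com/TENANT-ID/wsfed?wa=wsignin1.0' +
  '&wtrealm=urn%3aSharepoint%3afederation' +
  '&wctx=https%3a%2f%2ftenant.my.org.com%2fsites%2fsandbox%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F' +
  '&wreply=https%3a%2f%2ftenant.my.org.com%2fsites%2fsandbox%2f_trust%2fdefault.aspx';

console.log(describeSignInRedirect(SAMPLE_REDIRECT));
```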