pchrist18  
#1 Posted : Tuesday, February 13, 2018 8:49:11 PM(UTC)
pchrist18


Rank: Guest

Joined: 2/13/2018(UTC)
Posts: 8
United States

Was thanked: 3 time(s) in 3 post(s)
Has anyone successfully configured the External Provider login using Azure AD? The documentation is lacking and I would like some better instructions about the specific Configuration Information needed to get this to work. Any help in this matter would be greatly appreciated.

I have currently set up a new App Registration in Azure Active Directory. I have generated the Key and Granted Permissions. I have used the following information for the Configuration in the OAuth2 settings.

ClientID====================Application ID from Azure
ClientSecret================Key Generated from App Registration
AccessCodeServiceUri========Auth 2.0 Authorization Endpoint
AccessTokenServiceUri=======OAuth 2.0 Token Endpoint
UserInfoServiceUri==========OAuth 2.0 Authorization Endpoint
ResourceID==================Application ID from Azure
UserInfoIDPath==============?? (upn)
UserInfoEmailPath===========?? (upn)
UserInfoFirstNamePath=======?? (given_name)
UserInfoLastNamePath========?? (family_name)
DisplayName=================Office365
ExtraRoleNames==============?? (Administrator)

I'm unsure how to determine the JSON path to the UserInfo or how the ExtraRoleNames are used.

With the current settings, I am able to click on the Connect with Office365 option during login and it does show my Company Branded login page, but goes to a Server Error in '/' Application page showing a Runtime Error default page.

Anyone have any experience in this? Or if someone has successfully used the SAML option with Azure AD, those detailed instructions would also be helpful.

Edited by user Tuesday, February 13, 2018 8:54:05 PM(UTC)  | Reason: Not specified

pchrist18  
#2 Posted : Thursday, February 15, 2018 2:19:23 PM(UTC)
pchrist18


Rank: Guest

Joined: 2/13/2018(UTC)
Posts: 8
United States

Was thanked: 3 time(s) in 3 post(s)
I was able to get some help from Support on this if anyone is interested in implementing Azure AD login.

ClientID====================Application ID from Azure
ClientSecret================Key Generated from App Registration
AccessCodeServiceUri========Auth 2.0 Authorization Endpoint
AccessTokenServiceUri=======OAuth 2.0 Token Endpoint
UserInfoServiceUri==========https://graph.microsoft.com/v1.0/me
ResourceID==================https://graph.microsoft.com
UserInfoIDPath==============id
UserInfoEmailPath===========mail
UserInfoFirstNamePath=======givenName
UserInfoLastNamePath========surname
DisplayName=================Office365
ExtraRoleNames==============Security Group that matches Control Role Name

Currently the ExtraRoleNames mapping isn't working correctly and it will only apply 1 role that is defined in this field.

Edited by user Thursday, February 15, 2018 4:19:09 PM(UTC)  | Reason: Not specified

1 user thanked pchrist18 for this useful post.
Mike on 2/15/2018(UTC)
joey52685  
#3 Posted : Saturday, February 17, 2018 12:33:35 PM(UTC)
joey52685


Rank: Guest

Joined: 2/16/2018(UTC)
Posts: 4
United States

Was thanked: 1 time(s) in 1 post(s)
I'm trying to use the SAML option, but it appears to be broken right now. Is there any significant difference in functionality using OAUTH2?
pchrist18  
#4 Posted : Monday, February 19, 2018 1:29:55 PM(UTC)
pchrist18


Rank: Guest

Joined: 2/13/2018(UTC)
Posts: 8
United States

Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: joey52685
I'm trying to use the SAML option, but it appears to be broken right now. Is there any significant difference in functionality using OAUTH2?


I'm no expert on these Authentication methods, but I don't think there will be much difference in functionality between the two. You should be able to authenticate and map the roles once they have everything working correctly.
Mike  
#5 Posted : Monday, February 19, 2018 8:56:22 PM(UTC)
Mike


Rank: Administration

Medals: Level 3: Shirt off your back! Received 25 Thanks!

Joined: 5/30/2012(UTC)
Posts: 493
Location: Raleigh, NC

Thanks: 53 times
Was thanked: 78 time(s) in 64 post(s)
Originally Posted by: joey52685
I'm trying to use the SAML option, but it appears to be broken right now. Is there any significant difference in functionality using OAUTH2?


Hi Joey,

Do you have a support ticket with our team yet? We're actively trying to solve problems with the SAML before the release of 6.6.
ScreenConnect Team
Jesseb  
#6 Posted : Friday, February 23, 2018 5:05:43 AM(UTC)
Jesseb


Rank: Advanced Member

Medals: ScreenConnect Advisor: Focus Group Member; Level 1: Random Act of Kindness! Received One Thanks!

Joined: 3/9/2015(UTC)
Posts: 79
United States
Location: Texas

Thanks: 13 times
Was thanked: 20 time(s) in 6 post(s)
I'm also getting a Server Error in '/' Application page response when clicking "Connect with Office365", even after following @pchrist18's instructions. Trying to use OAuth2. Currently on the latest 6.6, self-hosted.
georg.leitner  
#7 Posted : Thursday, March 8, 2018 2:10:15 PM(UTC)
georg.leitner


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 2/3/2015(UTC)
Posts: 32
Austria

Thanks: 1 times
Was thanked: 5 time(s) in 5 post(s)
Hi Mike,

Is there also a guide somewhere on how to configure SAML with ADFS? I would like to try this with our new ADFS server.

Georg
mrsfield  
#8 Posted : Tuesday, April 3, 2018 9:42:35 PM(UTC)
mrsfield


Rank: Guest

Joined: 4/3/2018(UTC)
Posts: 4

I'm working on getting OAuth2 set up with Google. I have everything configured, but I am getting a uri_redirect mismatch. I was wondering where you guys got your uri_redirect settings from? I can see that our ScreenConnect server is passing a value to Google when I debug it, but that isn't working when I put that value in Google.
poynter  
#9 Posted : Friday, May 11, 2018 8:29:16 AM(UTC)
poynter


Rank: Newbie

Joined: 9/21/2015(UTC)
Posts: 6
United Kingdom

Thanks: 2 times
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?
pchrist18  
#10 Posted : Friday, May 11, 2018 1:06:48 PM(UTC)
pchrist18


Rank: Guest

Joined: 2/13/2018(UTC)
Posts: 8
United States

Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: poynter
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?


When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this:

"https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"

Edited by user Friday, May 11, 2018 1:08:32 PM(UTC)  | Reason: Not specified
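
The reply URL pchrist18 copied from the error page has to be registered at the identity provider exactly as the server sends it in the redirect_uri parameter, which is also what mrsfield's uri_redirect mismatch with Google comes down to. The Python below is an added example, not ScreenConnect's own code or the identity provider's: it pulls redirect_uri out of a constructed sample authorization request, compares it with the reply URLs registered for the app, and names the usual causes of a mismatch (scheme, host or port, trailing slash, provider id segment). The hostname support.example.com and the tenant, client and provider ids are placeholders; the URL pattern is the one from the post above, and the exact-string comparison is the rule identity providers apply.

```python
from typing import List, Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample of the authorization request a server issues when the
# user clicks the external login button. Tenant, client and provider ids are
# placeholders, and the hostname is made up.
SAMPLE_AUTHORIZE_REQUEST = (
    "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/authorize"
    "?client_id=APP-ID-PLACEHOLDER&response_type=code&scope=openid"
    "&redirect_uri=https%3A%2F%2Fsupport.example.com%2F__Authentication%2F"
    "PROVIDER-ID-PLACEHOLDER%2FLogin&state=abc123"
)


def expected_reply_url(sc_host: str, provider_id: str) -> str:
    """Reply URL in the shape pchrist18 posted; provider_id is the OAuth2
    membership provider's name (a placeholder GUID in this example)."""
    return f"https://{sc_host}/__Authentication/{provider_id}/Login"


def redirect_uri_from_authorize_request(url: str) -> Optional[str]:
    """Extract the (percent-decoded) redirect_uri the server actually sent."""
    values = parse_qs(urlparse(url).query).get("redirect_uri")
    return values[0] if values else None


def diagnose_mismatch(sent: str, registered: List[str]) -> List[str]:
    """Empty list when `sent` is registered verbatim (identity providers compare
    the whole string); otherwise the mismatch plus the likely cause per entry."""
    if sent in registered:
        return []
    findings = [f"redirect_uri {sent!r} is not registered exactly"]
    s = urlparse(sent)
    for reg in registered:
        r = urlparse(reg)
        if s.scheme != r.scheme and s.netloc == r.netloc and s.path == r.path:
            findings.append(f"scheme differs from {reg!r} (http vs https)")
        elif s.netloc == r.netloc and s.path != r.path and s.path.rstrip("/") == r.path.rstrip("/"):
            findings.append(f"trailing slash differs from {reg!r}")
        elif s.netloc == r.netloc and s.path != r.path:
            findings.append(f"path differs from {reg!r}: check the provider id segment")
        elif s.netloc != r.netloc:
            findings.append(f"host or port differs from {reg!r}")
    return findings


if __name__ == "__main__":
    sent = redirect_uri_from_authorize_request(SAMPLE_AUTHORIZE_REQUEST)
    print("server sends:", sent)
    print("expected    :", expected_reply_url("support.example.com", "PROVIDER-ID-PLACEHOLDER"))
    # A registration that differs only by scheme is still a mismatch.
    for line in diagnose_mismatch(sent, ["http://support.example.com/__Authentication/PROVIDER-ID-PLACEHOLDER/Login"]):
        print(" -", line)
```

In practice the value to feed into `diagnose_mismatch` is the redirect_uri visible in the browser's address bar or debugger when the login redirects, which is what mrsfield describes capturing; the registered list is what the app registration shows.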

poynter  
#11 Posted : Friday, May 11, 2018 1:37:22 PM(UTC)
poynter


Rank: Newbie

Joined: 9/21/2015(UTC)
Posts: 6
United Kingdom

Thanks: 2 times
Originally Posted by: pchrist18
Originally Posted by: poynter
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?


When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this:

"https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"


Hi,

I believe that is related to SAML?
pchrist18  
#12 Posted : Friday, May 11, 2018 2:03:35 PM(UTC)
pchrist18


Rank: Guest

Joined: 2/13/2018(UTC)
Posts: 8
United States

Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: poynter
Originally Posted by: pchrist18
Originally Posted by: poynter
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?


When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this:

"https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"


Hi,

I believe that is related to SAML?


I am using OAuth2
1 user thanked pchrist18 for this useful post.
poynter on 5/11/2018(UTC)
poynter  
#13 Posted : Friday, May 11, 2018 2:39:49 PM(UTC)
poynter


Rank: Newbie

Joined: 9/21/2015(UTC)
Posts: 6
United Kingdom

Thanks: 2 times
Originally Posted by: pchrist18
Originally Posted by: poynter
Originally Posted by: pchrist18
Originally Posted by: poynter
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?


When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this:

"https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"


Hi,

I believe that is related to SAML?


I am using OAuth2


Thanks,

Now getting a new error:

Error processing external login return: Could not load file or assembly 'System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxx' or one of its dependencies.

Is this because the server it's running on is Linux?
pchrist18  
#14 Posted : Friday, May 11, 2018 3:10:40 PM(UTC)
pchrist18


Rank: Guest

Joined: 2/13/2018(UTC)
Posts: 8
United States

Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: poynter
Originally Posted by: pchrist18
Originally Posted by: poynter
Originally Posted by: pchrist18
Originally Posted by: poynter
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?


When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this:

"https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"


Hi,

I believe that is related to SAML?


I am using OAuth2


Thanks,

Now getting a new error:

Error processing external login return: Could not load file or assembly 'System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxx' or one of its dependencies.

Is this because the server it's running on is Linux?


I'm no expert, but possibly. I think that is referring to the .NET framework.
1 user thanked pchrist18 for this useful post.
poynter on 5/11/2018(UTC)
solbirn_tk  
#15 Posted : Sunday, May 20, 2018 5:16:07 PM(UTC)
solbirn_tk


Rank: Newbie

Joined: 4/15/2015(UTC)
Posts: 12
United States

Thanks: 6 times
A little silly that there is no official documentation for this, but here are the correct OAuth2 (OIDC) settings for Azure AD/Office 365:

Code:
ClientID				=====	Application ID from Azure AD App Registration
ClientSecret			=====	Key/Password generated in Azure AD App Registration
AccessCodeServiceUri	=====	https://login.microsoftonline.com/<Your Tenant ID>/oauth2/authorize
AccessTokenServiceUri 	=====	https://login.microsoftonline.com/<Your Tenant ID>/oauth2/token
UserInfoServiceUri		=====	https://login.windows.net/<Your Tenant ID>/openid/userinfo
Scope 					=====	openid
AccessType				=====	LEAVE BLANK
Prompt					=====	LEAVE BLANK
ResourceID				=====	LEAVE BLANK
UserInfoIDPath			=====	upn
UserInfoEmailPath		=====	upn
UserInfoFirstNamePath	=====	given_name
UserInfoLastNamePath	=====	family_name
DisplayName				=====	Office 365 (whatever you want it to say on login page)
ExtraRoleNames			=====	ScreenConnect role you want to assign (e.g. Administrator, Helpdesk, etc)


You must set Reply Url in the Azure App Registration to "https://<ScreenConnect Domain>/__Authentication/<ScreenConnect OAuth Membership Provider ID>/Login". You can find the membership provider id by inspecting the request to Azure AD or looking in the web.config on the server under configuration->system.web->membership->providers->Your OAuth2 Provider->name. Personally, I just edited the web.config and set the "names" of my OAuth2 providers to match the Client ID of the App Registration in Azure AD for continuity.

You can create more than one OAuth2 provider, so I created a regular one for Helpdesk and an Admin one for administration. I used corresponding ScreenConnect roles and display names. In Azure AD under "Enterprise Applications" you can then assign users or groups to the apps, and force user assignment in the Enterprise Application properties.

Sol
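
Both pchrist18's Graph-based settings in post #2 (id, mail, givenName, surname against https://graph.microsoft.com/v1.0/me) and solbirn_tk's OIDC userinfo settings above (upn, given_name, family_name) are JSON paths evaluated against the identity provider's userinfo response, which is what the first post was asking how to determine. The Python below is an added example, not ScreenConnect code: it applies each set of path settings to constructed sample responses and flags a mapping that resolves to nothing. The dotted-path syntax, the `resolve_path`, `map_user` and `check_mapping` helpers, and the choice of which fields count as mandatory are assumptions for this example; the sample documents use the real Graph and OIDC property names with made-up values, including the case where Graph returns mail as null for an account that has no mailbox, so a provider configured with UserInfoEmailPath=mail yields no email for that account.

```python
import json
from typing import Any, Dict, List, Optional

# Constructed sample of a Microsoft Graph /v1.0/me response (trimmed to the
# properties the thread uses). Field names are Graph's; values are made up.
GRAPH_ME_SAMPLE = json.dumps({
    "id": "00000000-0000-0000-0000-000000000001",
    "userPrincipalName": "alice@example.com",
    "mail": "alice@example.com",
    "givenName": "Alice",
    "surname": "Liddell",
    "displayName": "Alice Liddell",
})

# Constructed sample for an account without a mailbox: Graph returns mail as null.
GRAPH_ME_NO_MAILBOX = json.dumps({
    "id": "00000000-0000-0000-0000-000000000002",
    "userPrincipalName": "svc-monitor@example.com",
    "mail": None,
    "givenName": "Service",
    "surname": "Monitor",
})

# Constructed sample of an OIDC userinfo response with the claim names from
# solbirn_tk's settings (upn, given_name, family_name).
OIDC_USERINFO_SAMPLE = json.dumps({
    "upn": "bob@example.com",
    "given_name": "Bob",
    "family_name": "Builder",
})

# The path settings from the two posts, keyed by configuration field name.
GRAPH_PATHS = {
    "UserInfoIDPath": "id",
    "UserInfoEmailPath": "mail",
    "UserInfoFirstNamePath": "givenName",
    "UserInfoLastNamePath": "surname",
}
OIDC_PATHS = {
    "UserInfoIDPath": "upn",
    "UserInfoEmailPath": "upn",
    "UserInfoFirstNamePath": "given_name",
    "UserInfoLastNamePath": "family_name",
}


def resolve_path(doc: Any, path: str) -> Optional[Any]:
    """Follow a dotted path such as "a.b.0.c" through nested dicts and lists.
    The dotted syntax is an assumption for this example; the thread does not
    document the path grammar the product accepts. A missing step yields None."""
    current = doc
    for part in path.split("."):
        if isinstance(current, dict) and part in current:
            current = current[part]
        elif isinstance(current, list) and part.isdigit() and int(part) < len(current):
            current = current[int(part)]
        else:
            return None
    return current


def map_user(userinfo_json: str, paths: Dict[str, str]) -> Dict[str, Optional[Any]]:
    """Apply each configured path to the userinfo document."""
    doc = json.loads(userinfo_json)
    return {setting: resolve_path(doc, path) for setting, path in paths.items()}


def check_mapping(mapped: Dict[str, Optional[Any]]) -> List[str]:
    """Problems that would leave the login without a usable identity.
    Treating ID and email as mandatory is an assumption of this example."""
    problems = []
    if not mapped.get("UserInfoIDPath"):
        problems.append("UserInfoIDPath resolved to nothing: the account cannot be identified")
    if not mapped.get("UserInfoEmailPath"):
        problems.append("UserInfoEmailPath resolved to nothing: userPrincipalName is a fallback")
    return problems


if __name__ == "__main__":
    for label, sample, paths in [
        ("graph", GRAPH_ME_SAMPLE, GRAPH_PATHS),
        ("graph-no-mailbox", GRAPH_ME_NO_MAILBOX, GRAPH_PATHS),
        ("oidc", OIDC_USERINFO_SAMPLE, OIDC_PATHS),
    ]:
        mapped = map_user(sample, paths)
        print(label, mapped, check_mapping(mapped) or "ok")
```

To use this against a real tenant, replace the sample with the JSON that the configured UserInfoServiceUri returns for a test account (fetched with that account's access token) and confirm every configured path resolves before enabling the provider for users.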