 Rank: Guest Joined: 2/13/2018(UTC) Posts: 8  Was thanked: 3 time(s) in 3 post(s)
Has anyone successfully configured the External Provider login using Azure AD? The documentation is lacking and I would like some better instructions about the specific Configuration Information needed to get this to work. Any help in this matter would be greatly appreciated.

I have currently set up a new App Registration in Azure Active Directory. I have generated the Key and Granted Permissions. I have used the following information for the Configuration in the OAuth2 settings:

ClientID ===== Application ID from Azure
ClientSecret ===== Key Generated from App Registration
AccessCodeServiceUri ===== OAuth 2.0 Authorization Endpoint
AccessTokenServiceUri ===== OAuth 2.0 Token Endpoint
UserInfoServiceUri ===== OAuth 2.0 Authorization Endpoint
ResourceID ===== Application ID from Azure
UserInfoIDPath ===== ?? (upn)
UserInfoEmailPath ===== ?? (upn)
UserInfoFirstNamePath ===== ?? (given_name)
UserInfoLastNamePath ===== ?? (family_name)
DisplayName ===== Office365
ExtraRoleNames ===== ?? (Administrator)

I'm unsure how to determine the JSON path to the UserInfo or how the ExtraRoleNames are used. With the current settings, I am able to click on the Connect with Office365 option during login and it does show my Company Branded login page, but it goes to a Server Error in '/' Application page showing a Runtime Error default page. Anyone have any experience in this? Or if someone has successfully used the SAML option with Azure AD, those detailed instructions would also be helpful.

Edited by user Tuesday, February 13, 2018 8:54:05 PM(UTC)
 Rank: Guest Joined: 2/13/2018(UTC) Posts: 8  Was thanked: 3 time(s) in 3 post(s)
I was able to get some help from Support on this if anyone is interested in implementing Azure AD login.

ClientID ===== Application ID from Azure
ClientSecret ===== Key Generated from App Registration
AccessCodeServiceUri ===== OAuth 2.0 Authorization Endpoint
AccessTokenServiceUri ===== OAuth 2.0 Token Endpoint
UserInfoServiceUri ===== https://graph.microsoft.com/v1.0/me
ResourceID ===== https://graph.microsoft.com
UserInfoIDPath ===== id
UserInfoEmailPath ===== mail
UserInfoFirstNamePath ===== givenName
UserInfoLastNamePath ===== surname
DisplayName ===== Office365
ExtraRoleNames ===== Security Group that matches Control Role Name

Currently the ExtraRoleNames mapping isn't working correctly and it will only apply 1 role that is defined in this field.

Edited by user Thursday, February 15, 2018 4:19:09 PM(UTC)
 1 user thanked pchrist18 for this useful post.
 Rank: Guest Joined: 2/16/2018(UTC) Posts: 5  Was thanked: 1 time(s) in 1 post(s)
I'm trying to use the SAML option, but it appears to be broken right now. Is there any significant difference in functionality using OAUTH2?
 Rank: Guest Joined: 2/13/2018(UTC) Posts: 8  Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: joey52685: I'm trying to use the SAML option, but it appears to be broken right now. Is there any significant difference in functionality using OAUTH2?

I'm no expert on these Authentication methods, but I don't think there will be much difference in functionality between the two. You should be able to authenticate and map the roles once they have everything working correctly.
 Rank: Administration Medals:  Joined: 5/30/2012(UTC) Posts: 501 Location: Raleigh, NC
Thanks: 56 times Was thanked: 82 time(s) in 68 post(s)
Originally Posted by: joey52685: I'm trying to use the SAML option, but it appears to be broken right now. Is there any significant difference in functionality using OAUTH2?

Hi Joey, Do you have a support ticket with our team yet? We're actively trying to solve problems with the SAML before the release of 6.6.
ScreenConnect Team
 Rank: Advanced Member Medals:   Joined: 3/9/2015(UTC) Posts: 80  Location: Texas Thanks: 15 times Was thanked: 20 time(s) in 6 post(s)
I'm also getting a Server Error in '/' Application page response when clicking "Connect with Office365", even after following @pchrist18's instructions. Trying to use OAuth2. Currently on the latest 6.6, self-hosted.
 Rank: Member Medals:  Joined: 2/3/2015(UTC) Posts: 38  Thanks: 1 times Was thanked: 6 time(s) in 5 post(s)
Hi Mike,
Is there also a guide somewhere on how to configure SAML with ADFS? I would like to try this with our new ADFS server.
Georg
 Rank: Guest Joined: 4/3/2018(UTC) Posts: 4
I'm working on getting OAuth2 set up with Google. I have everything configured, but I am getting a uri_redirect mismatch. I was wondering where you guys got your uri_redirect settings from? I can see that our ScreenConnect server is passing a value to Google when I debug it, but that isn't working when I put that value in Google.
 Rank: Newbie Joined: 9/21/2015(UTC) Posts: 6  Thanks: 2 times
Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?
 Rank: Guest Joined: 2/13/2018(UTC) Posts: 8  Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: poynter: Trying to set up OAuth with Office 365, but getting an error with the reply URL. Anyone know what this should be?

When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this: "https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"

Edited by user Friday, May 11, 2018 1:08:32 PM(UTC)
 Rank: Newbie Joined: 9/21/2015(UTC) Posts: 6  Thanks: 2 times
Originally Posted by: pchrist18: When I was setting mine up, I would get an error on the O365 login page that mentioned the URL. I think I just copied that into my Reply URLs. Mine looks like this: "https://domain.screenconnect.com/__Authentication/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Login"

Hi, I believe that is related to SAML?
 Rank: Guest Joined: 2/13/2018(UTC) Posts: 8  Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: poynter: Hi, I believe that is related to SAML?

I am using OAuth2
 1 user thanked pchrist18 for this useful post.
 Rank: Newbie Joined: 9/21/2015(UTC) Posts: 6  Thanks: 2 times
Originally Posted by: pchrist18: I am using OAuth2

Thanks, now getting a new error: Error processing external login return: Could not load file or assembly 'System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxx' or one of its dependencies. Is this because the server it's running on is Linux?
 Rank: Guest Joined: 2/13/2018(UTC) Posts: 8  Was thanked: 3 time(s) in 3 post(s)
Originally Posted by: poynter: Thanks, now getting a new error: Error processing external login return: Could not load file or assembly 'System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxx' or one of its dependencies. Is this because the server it's running on is Linux?

I'm no expert, but possibly. I think that is referring to the .NET framework.
 1 user thanked pchrist18 for this useful post.
 Rank: Newbie Joined: 4/15/2015(UTC) Posts: 12  Thanks: 6 times
A little silly that there is no official documentation for this, but here are the correct OAuth2 (OIDC) settings for Azure AD/Office 365:

ClientID ===== Application ID from Azure AD App Registration
ClientSecret ===== Key/Password generated in Azure AD App Registration
AccessCodeServiceUri ===== https://login.microsoftonline.com/<Your Tenant ID>/oauth2/authorize
AccessTokenServiceUri ===== https://login.microsoftonline.com/<Your Tenant ID>/oauth2/token
UserInfoServiceUri ===== https://login.windows.net/<Your Tenant ID>/openid/userinfo
Scope ===== openid
AccessType ===== LEAVE BLANK
Prompt ===== LEAVE BLANK
ResourceID ===== LEAVE BLANK
UserInfoIDPath ===== upn
UserInfoEmailPath ===== upn
UserInfoFirstNamePath ===== given_name
UserInfoLastNamePath ===== family_name
DisplayName ===== Office 365 (whatever you want it to say on the login page)
ExtraRoleNames ===== ScreenConnect role you want to assign (e.g. Administrator, Helpdesk, etc.)

You must set the Reply URL in the Azure App Registration to "https://<ScreenConnect Domain>/__Authentication/<ScreenConnect OAuth Membership Provider ID>/Login". You can find the membership provider ID by inspecting the request to Azure AD or by looking in the web.config on the server under configuration->system.web->membership->providers->Your OAuth2 Provider->name. Personally, I just edited the web.config and set the "names" of my OAuth2 providers to match the Client ID of the App Registration in Azure AD for continuity. You can create more than one OAuth2 provider, so I created a regular one for Helpdesk and an Admin one for administration. I used corresponding ScreenConnect roles and display names. In Azure AD under "Enterprise Applications" you can then assign users or groups to the apps, and force user assignment in the Enterprise Application properties.
Sol
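An added example, not code from any poster or from ScreenConnect, that ties together the two working configurations in this thread (pchrist18's Graph /v1.0/me paths and Sol's web.config/Reply URL note): it reads the OAuth2 provider name out of a web.config laid out along the path Sol describes, builds the Reply URL in the thread's format, and resolves the UserInfo*Path settings against a userinfo response so that a non-JSON body (such as the first post's UserInfoServiceUri pointing at the authorization endpoint) or a claim the endpoint does not return is caught before login. The web.config fragment, provider name and type strings, and the Graph response are constructed placeholders.

```python
import json
import xml.etree.ElementTree as ET

# Constructed web.config fragment following the path Sol's post names
# (configuration -> system.web -> membership -> providers -> add name="...").
# The provider name and type values are placeholders, not real ScreenConnect values.
WEB_CONFIG = """<configuration>
  <system.web>
    <membership>
      <providers>
        <add name="PLACEHOLDER-PROVIDER-ID" type="Example.OAuth2MembershipProvider" />
        <add name="InternalProvider" type="Example.InternalMembershipProvider" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

# Constructed Graph /v1.0/me body carrying the fields pchrist18's paths point at.
GRAPH_ME = json.dumps({"id": "1234abcd", "mail": "jane@example.com",
                       "givenName": "Jane", "surname": "Doe"})
GRAPH_PATHS = {"UserInfoIDPath": "id", "UserInfoEmailPath": "mail",
               "UserInfoFirstNamePath": "givenName", "UserInfoLastNamePath": "surname"}

def oauth2_provider_names(web_config_xml):
    """Return the name attribute of every OAuth2 membership provider in web.config."""
    root = ET.fromstring(web_config_xml)
    adds = root.findall("./system.web/membership/providers/add")
    return [a.get("name") for a in adds if "OAuth2" in (a.get("type") or "")]

def reply_url(domain, provider_name):
    """Reply URL the App Registration must allow, in the form the thread gives."""
    return f"https://{domain}/__Authentication/{provider_name}/Login"

def resolve_user_info(body, paths):
    """Resolve each UserInfo*Path against the userinfo response body.
    A non-JSON body (e.g. the HTML of the authorize endpoint) raises ValueError;
    a path the endpoint does not return (e.g. 'upn' against Graph /me) raises KeyError."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("UserInfoServiceUri did not return JSON") from exc
    resolved = {}
    for setting, path in paths.items():
        node = doc
        for part in path.split("."):  # dotted paths descend into nested objects
            if not isinstance(node, dict) or part not in node:
                raise KeyError(f"{setting}={path} is not present in the userinfo response")
            node = node[part]
        resolved[setting] = node
    return resolved
```

Run the resolver against a captured response from whichever UserInfoServiceUri you configure; the paths that succeed are the only ones worth entering in the provider settings.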