Issue with On Demand Auth #55
Comments
Silly question, but does the user account have corresponding permissions?
If you
If you have multiple auth providers (including forms, for example), you could try adding an additional header in your code:
Yes, I do get a FedAuth header back when I console.log the data { headers:

Unfortunately, I am not aware of there being any other auth providers (and at this point in time I don't know who is the right person to speak to to understand how this instance has been configured). I will try and find out more information.

I do know that this was actually a special Microsoft cloud-hosted on-premise 2013 instance that was recently migrated to O365. I can connect with PnP PowerShell, but I have to use the -UseWebLogin flag for federated login:

Connect-PnPOnline -Url $siteURL -UseWebLogin

I was hoping that the ADFS might work. As part of the corporate SSO, when logging in it uses the Windows domain credentials, and I'm pretty sure that it isn't syncing to Azure AD. I have sniffed out some of the traffic and there are endpoints like this, https://idpint.abc.com/nidp/wsfed/ep, and strings such as wtrealm=urn:federation:MicrosoftOnline. I think that this is a 3rd party integration rather than ADFS here.

FYI, I looked at this originally because I wanted to use the SPGo Visual Studio Code add-in. That works OOB with a dev O365 tenant. I pulled it apart and saw that it was using the sppull node package, which in turn is calling into node-sp-auth :-) Microsoft really don't like you embedding credentials these days, it seems.

Many thanks
Jes
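The redirect details quoted in the comment above (IdP host, `/nidp/wsfed/ep` path, `wtrealm`) can be checked mechanically to tell an AD FS endpoint from another WS-Federation identity provider. This is an added example, not code from the thread or from node-sp-auth; the function name, the `wa` and `wctx` values in the constructed sample URL, and the `/adfs/ls/` path check (the default AD FS passive sign-in endpoint) are assumptions.

```javascript
// Constructed sample: host, path and wtrealm are the ones quoted in the comment;
// wa=wsignin1.0 is the standard WS-Federation sign-in action, wctx is a placeholder.
const SAMPLE_REDIRECT =
  "https://idpint.abc.com/nidp/wsfed/ep?wa=wsignin1.0" +
  "&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=PLACEHOLDER";

// Hypothetical helper: summarise a captured sign-in redirect URL.
// Returns null when the input is not a parseable absolute URL.
function describeWsFedRedirect(redirectUrl) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch (err) {
    return null;
  }
  const params = url.searchParams;
  const path = url.pathname.toLowerCase();
  const realm = params.get("wtrealm");

  // A WS-Federation passive sign-in request carries wa=wsignin1.0.
  const isWsFedSignIn = params.get("wa") === "wsignin1.0";
  // Assumption: AD FS serves passive sign-in from /adfs/ls/ by default.
  const looksLikeAdfs = path === "/adfs/ls" || path.startsWith("/adfs/ls/");

  let idpKind = "not-ws-fed";
  if (isWsFedSignIn) {
    idpKind = looksLikeAdfs ? "adfs" : "other-ws-fed-idp";
  }

  return {
    idpHost: url.host,
    idpPath: url.pathname,
    isWsFedSignIn,
    realm,
    // The realm Office 365 / Azure AD uses as relying party for federated domains.
    federatedToMicrosoftOnline: realm === "urn:federation:MicrosoftOnline",
    idpKind,
  };
}

console.log(describeWsFedRedirect(SAMPLE_REDIRECT));
```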
Further to this, the header that was returned, FedAuth, was a base64-encoded XML fragment similar to below (slightly tweaked for security and readability)
I have an environment where we are using federated login mechanism.
When I run the simple example I get the company custom login redirect, and I assume I get back a valid auth token/cookie from there. However, when I try to read from the site URL supplied I get an error. When I am logged in with the same user credentials I don't have any issue hitting the web URL directly:
https://one.abc.net/sites/RIBWiki/_api/web
Then adapting the simple example as follows:
This is the error I get from the simple example code:
Unhandled rejection StatusCodeError: 403 - "{"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}}"
    at new StatusCodeError (C:\PS\sppull\node_modules\request-promise-core\lib\errors.js:32:15)
    at Request.plumbing.callback (C:\PS\sppull\node_modules\request-promise-core\lib\plumbing.js:104:33)
    at Request.RP$callback [as _callback] (C:\PS\sppull\node_modules\request-promise-core\lib\plumbing.js:46:31)
    at Request.self.callback (C:\PS\sppull\node_modules\request\request.js:185:22)
    at emitTwo (events.js:126:13)
    at Request.emit (events.js:214:7)
    at Request.<anonymous> (C:\PS\sppull\node_modules\request\request.js:1161:10)
    at emitOne (events.js:116:13)
    at Request.emit (events.js:211:7)
    at IncomingMessage.<anonymous> (C:\PS\sppull\node_modules\request\request.js:1083:12)
    at Object.onceWrapper (events.js:313:30)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1055:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)