Universal.companyurl.com/login - Azure AD - Not redirecting to /auth/signin-oidc

Hey guys,

We have been through the gamut of installing Universal on IIS, and have now moved to a complete Kestrel build. We have set up the Azure AD Enterprise Application side, but the logs look like it is trying to reach out to the Token URL.

Where can we review in the logs how the request is being formatted to Microsoft? We think there is an issue with how the request is being passed to the Microsoft Token URL. Also, if anyone can share their configuration on how to get the Universal Login page working with Azure AD, that would be great to compare.

We have set everything up as outlined in the documentation (https://docs.ironmansoftware.com/config/security/openid-connect), but are at a standstill with the authentication to the login screen.

We currently are on the enterprise license.

Current Logs:

2020-07-12T12:52:35.0926130-04:00 0HM16GA16J1P8:00000002 [INF] Executing RedirectResult, redirecting to “/admin”. (d98d540e)
2020-07-12T12:52:35.0927913-04:00 0HM16GA16J1P8:00000002 [INF] Request finished in 212.0422ms 302 (791a596a)
2020-07-12T12:52:35.0960155-04:00 0HM16GA16J1P8:00000003 [INF] Request starting HTTP/1.1 GET https://universal.deflaw.com/admin (ca22a1cb)
2020-07-12T12:52:35.2861762-04:00 0HM16GA16J1P8:00000003 [INF] /admin (00e9b4ee)
2020-07-12T12:52:35.2863321-04:00 0HM16GA16J1P8:00000003 [INF] C:\Program Files (x86)\Universal\UniversalAutomation\admin (c6078a92)
2020-07-12T12:52:35.2870884-04:00 0HM16GA16J1P8:00000003 [INF] Request finished in 191.073ms 200 text/html (791a596a)
2020-07-12T12:52:35.7056204-04:00 0HM16GA16J1P8:00000004 [INF] Request starting HTTP/1.1 GET https://universal.deflaw.com/api/v1/accessible?t=1594572755696 (ca22a1cb)
2020-07-12T12:52:35.7223591-04:00 0HM16GA16J1P9:00000001 [INF] Request starting HTTP/1.1 GET https://universal.deflaw.com/api/v1/version?t=1594572755697 (ca22a1cb)
2020-07-12T12:52:35.9346751-04:00 0HM16GA16J1P8:00000004 [INF] “OpenIdConnect” was not authenticated. Failure message: “Not authenticated” (48071232)
2020-07-12T12:52:35.9349235-04:00 0HM16GA16J1P8:00000004 [INF] Authorization failed. (b15dd539)
2020-07-12T12:52:35.9377575-04:00 0HM16GA16J1P8:00000004 [INF] AuthenticationScheme: “Cookies” was challenged. (d45f1f38)
2020-07-12T12:52:35.9410466-04:00 0HM16GA16J1P8:00000004 [INF] AuthenticationScheme: “Bearer” was challenged. (d45f1f38)
2020-07-12T12:52:35.9475774-04:00 0HM16GA16J1P9:00000001 [INF] Executing endpoint ‘“Universal.Server.Services.VersionController.Get (Universal.Server)”’ (500cc934)
2020-07-12T12:52:35.9477811-04:00 0HM16GA16J1P9:00000001 [INF] Route matched with “{action = “Get”, controller = “Version”}”. Executing controller action with signature “Microsoft.AspNetCore.Mvc.IActionResult Get()” on controller “Universal.Server.Services.VersionController” (“Universal.Server”). (122b2fdf)
2020-07-12T12:52:35.9481280-04:00 0HM16GA16J1P9:00000001 [INF] Executing ObjectResult, writing value of type ‘“System.String”’. (8a1b66c8)
2020-07-12T12:52:35.9484240-04:00 0HM16GA16J1P9:00000001 [INF] Executed action “Universal.Server.Services.VersionController.Get (Universal.Server)” in 0.5894ms (afa2e885)
2020-07-12T12:52:35.9484501-04:00 0HM16GA16J1P9:00000001 [INF] Executed endpoint ‘“Universal.Server.Services.VersionController.Get (Universal.Server)”’ (99874f2b)
2020-07-12T12:52:35.9485632-04:00 0HM16GA16J1P9:00000001 [INF] Request finished in 226.2211ms 200 text/plain; charset=utf-8 (791a596a)
2020-07-12T12:52:35.9637948-04:00 0HM16GA16J1P9:00000002 [INF] Request starting HTTP/1.1 GET https://universal.deflaw.com/api/v1/stats?t=1594572755697 (ca22a1cb)
2020-07-12T12:52:36.1608642-04:00 0HM16GA16J1P9:00000002 [INF] “OpenIdConnect” was not authenticated. Failure message: “Not authenticated” (48071232)
2020-07-12T12:52:36.1609658-04:00 0HM16GA16J1P9:00000002 [INF] Authorization failed. (b15dd539)
2020-07-12T12:52:36.1611008-04:00 0HM16GA16J1P9:00000002 [INF] AuthenticationScheme: “Cookies” was challenged. (d45f1f38)
2020-07-12T12:52:36.1611887-04:00 0HM16GA16J1P9:00000002 [INF] AuthenticationScheme: “Bearer” was challenged. (d45f1f38)
2020-07-12T12:52:36.2199760-04:00 0HM16GA16J1P8:00000004 [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/oauth2/v2.0/authorize/.well-known/openid-configuration’.
—> System.IO.IOException: IDX20807: Unable to retrieve document from: ‘https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/oauth2/v2.0/authorize/.well-known/openid-configuration’. HttpResponseMessage: ‘StatusCode: 404, ReasonPhrase: ‘Not Found’, Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Cache-Control: private
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
x-ms-request-id: c501eab1-79e5-4b65-9d43-906005bd8a00
x-ms-ests-server: 2.1.10821.14 - WUS2 ProdSlices
P3P: CP=“DSP CUR OTPi IND OTRi ONL FIN”
Set-Cookie: x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly
Date: Sun, 12 Jul 2020 16:52:35 GMT
Content-Length: 0
}’, HttpResponseMessage.Content: ‘’.
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in E:\src\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 88
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-07-12T12:52:36.2219638-04:00 0HM16GA16J1P9:00000002 [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/oauth2/v2.0/authorize/.well-known/openid-configuration'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in E:\src\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 88
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-07-12T12:52:36.6141977-04:00 0HM16GA16J1P8:00000004 [INF] "OpenIdConnect" was not authenticated. Failure message: "Not authenticated" (48071232)
2020-07-12T12:52:36.6142558-04:00 0HM16GA16J1P8:00000004 [INF] Authorization failed. (b15dd539)
2020-07-12T12:52:36.6143966-04:00 0HM16GA16J1P8:00000004 [INF] AuthenticationScheme: "Cookies" was challenged. (d45f1f38)
2020-07-12T12:52:36.6144320-04:00 0HM16GA16J1P8:00000004 [INF] AuthenticationScheme: "Bearer" was challenged. (d45f1f38)
2020-07-12T12:52:36.6252530-04:00 0HM16GA16J1P8:00000004 [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/oauth2/v2.0/authorize/.well-known/openid-configuration'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in E:\src\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 88
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-07-12T12:52:36.6274165-04:00 0HM16GA16J1P9:00000002 [INF] "OpenIdConnect" was not authenticated. Failure message: "Not authenticated" (48071232)
2020-07-12T12:52:36.6274728-04:00 0HM16GA16J1P9:00000002 [INF] Authorization failed. (b15dd539)
2020-07-12T12:52:36.6275098-04:00 0HM16GA16J1P9:00000002 [INF] AuthenticationScheme: "Cookies" was challenged. (d45f1f38)
2020-07-12T12:52:36.6275401-04:00 0HM16GA16J1P9:00000002 [INF] AuthenticationScheme: "Bearer" was challenged. (d45f1f38)
2020-07-12T12:52:36.6293037-04:00 0HM16GA16J1P9:00000002 [ERR] An unhandled exception has occurred while executing the request. (48a46595)
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/oauth2/v2.0/authorize/.well-known/openid-configuration'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in E:\src\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 88
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2020-07-12T12:52:36.8157232-04:00 0HM16GA16J1P8:00000004 [INF] Request finished in 1110.2102ms 404 (791a596a)
2020-07-12T12:52:36.8212345-04:00 0HM16GA16J1P9:00000002 [INF] Request finished in 857.4604ms 404 (791a596a)
2020-07-12T12:52:36.8428603-04:00 0HM16GA16J1P9:00000003 [INF] Request starting HTTP/1.1 GET https://universal.deflaw.com/login (ca22a1cb)

After reviewing the logs and trying some of my own URL GETs against the OpenID URLs, it looks like it is the way PowerShell Universal is pulling in the OpenID configuration - Unable to obtain configuration from: 'https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/oauth2/v2.0/authorize/.well-known/openid-configuration'

But if I go to https://login.microsoftonline.com/7eaac13d-02b8-4712-bfd3-f561bea3a4b8/v2.0/.well-known/openid-configuration?appid=4bbd411f-de98-4fc2-b359-5e26d985d2e9 - in which I have entered the tenant ID and App ID manually - I am able to pull back the different configurations.

We were able to figure it out - you don't need to copy the OAuth string, just the microsoft.com login and the tenant ID.
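
The misconfiguration this thread arrives at, as an added example (not part of the original posts and not PowerShell Universal's own code): the log shows `/.well-known/openid-configuration` being appended to the configured authority, so an authority that is really the authorize endpoint produces a discovery URL that returns 404. `Test-OidcAuthority` is a hypothetical helper and the tenant GUID is a constructed placeholder; the check runs offline on the string only.

```powershell
# Added example. Test-OidcAuthority is a hypothetical helper, not a PowerShell Universal cmdlet.
function Test-OidcAuthority {
    param([Parameter(Mandatory)][string]$Authority)

    $wellKnown = '/.well-known/openid-configuration'
    $endpoint  = '/oauth2(/v2\.0)?/(authorize|token|logout)$'
    $issues    = [System.Collections.Generic.List[string]]::new()
    $trimmed   = $Authority.Trim().TrimEnd('/')

    $uri = $null
    if (-not [Uri]::TryCreate($trimmed, [UriKind]::Absolute, [ref]$uri)) {
        $issues.Add('Not an absolute URL')
        return [pscustomobject]@{ Configured = $Authority; DiscoveryUrl = $null
                                  Suggested = $null; Issues = $issues.ToArray() }
    }
    if ($uri.Scheme -ne 'https') { $issues.Add('Authority is not HTTPS') }
    if ($uri.Query) { $issues.Add('Query string does not belong in the authority') }

    # Work on scheme + host + path only, then peel off anything that is an
    # endpoint or the discovery path rather than the authority itself.
    $base = $uri.GetLeftPart([UriPartial]::Path).TrimEnd('/')
    if ($base.EndsWith($wellKnown, [StringComparison]::OrdinalIgnoreCase)) {
        $issues.Add('Discovery path already present; it would be appended a second time')
        $base = $base.Substring(0, $base.Length - $wellKnown.Length)
    }
    if ($base -match $endpoint) {
        $issues.Add("Endpoint URL used as authority ($($Matches[0]))")
        $base = $base -replace $endpoint, ''
    }

    [pscustomobject]@{
        Configured   = $Authority
        DiscoveryUrl = "$trimmed$wellKnown"   # what a client that appends the suffix will request
        Suggested    = $base
        Issues       = $issues.ToArray()
    }
}

# Constructed sample values; the tenant GUID is a placeholder, not a real tenant.
$tenant = '00000000-0000-0000-0000-000000000000'
@(
    "https://login.microsoftonline.com/$tenant/oauth2/v2.0/authorize"   # the mistake seen in the log
    "https://login.microsoftonline.com/$tenant"                         # login host plus tenant ID only
) | ForEach-Object { Test-OidcAuthority -Authority $_ } | Format-List
```

To confirm a candidate value against the live service, fetch its `DiscoveryUrl` with `Invoke-RestMethod` and check that JSON metadata comes back rather than a 404.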