O365 auth not working


Niels

Mar 18, 2020, 4:37:46 PM
to BigBlueButton-dev
Hi all,

We've installed GreenLight lately. All is working except for Office365 authentication. These are the log files:

INFO: [29d0310d-1675-4518-bb36-d57db01ca528] (office365) Setup endpoint detected, running now. 
INFO: [29d0310d-1675-4518-bb36-d57db01ca528] (office365) Callback phase initiated. 
ERROR: [29d0310d-1675-4518-bb36-d57db01ca528] (office365) Authentication failure! invalid_request: OmniAuth::Strategies::OAuth2::CallbackError, invalid_request | AADSTS50194: Application 'MYAPPID' (BBB-Endpoint) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.




Niels

Mar 18, 2020, 4:45:18 PM
to BigBlueButton-dev
Right, we're not using Office365 auth but Azure AD auth...

Ahmad Farhat

Mar 18, 2020, 4:47:39 PM
to BigBlueButton-dev
Hi Niels,

When creating a new account in Azure, make sure you select the second option for "Supported Account Types".


Niels

Mar 18, 2020, 4:52:19 PM
to BigBlueButton-dev
Yes, but this will allow all outlook365 accounts. We only want to allow those in our tenant.

Niels

Mar 18, 2020, 4:55:51 PM
to BigBlueButton-dev
Or do we select what you recommend and then fix by selecting our domain with OFFICE365_HD=365.ourdomain.org?

Ahmad Farhat

Mar 18, 2020, 4:57:34 PM
to BigBlueButton-dev
Exactly that

If your emails are em...@365.domain.org, then set OFFICE365_HD=365.ourdomain.org

OFFICE365_HD should be an exact match of what comes after the @ sign in your emails.
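
The exact-match rule described above for OFFICE365_HD, as an added example that is not part of the original posts and is not Greenlight's own code. The function names and sample addresses are constructed for illustration; the looser suffix test is included only to show which look-alike domains an exact match keeps out.

```ruby
# Added illustration, not Greenlight code. hd_allowed?, hd_allowed_naive?
# and the sample addresses are constructed for this example.

ALLOWED_HD = "365.ourdomain.org" # the OFFICE365_HD value used in the thread

# Exact match: the text after the single "@" must equal the allowed domain.
def hd_allowed?(email, allowed_hd)
  return false unless email.is_a?(String) && allowed_hd.is_a?(String)

  parts = email.strip.split("@", -1)
  return false unless parts.length == 2 # rejects "a@b@c" and input without "@"

  local, domain = parts
  return false if local.empty? || domain.empty?

  # DNS names are case-insensitive, so compare lower-cased.
  domain.downcase == allowed_hd.strip.downcase
end

# Looser comparison shown for contrast: a suffix test also accepts look-alikes.
def hd_allowed_naive?(email, allowed_hd)
  email.downcase.end_with?(allowed_hd.downcase)
end

# Constructed sample addresses.
SAMPLES = [
  "alice@365.ourdomain.org",            # exact match
  "Alice@365.OurDomain.org",            # same domain, different case
  "user@ourdomain.org",                 # parent domain, not an exact match
  "user@mail.365.ourdomain.org",        # subdomain of the allowed domain
  "user@evil365.ourdomain.org",         # shares only the trailing characters
  "user@365.ourdomain.org.example.net", # allowed domain used as a prefix
  "a@b@365.ourdomain.org"               # more than one "@"
].freeze

# Returns { address => [exact_result, naive_result] } for the samples.
def compare_checks(samples = SAMPLES, allowed_hd = ALLOWED_HD)
  samples.to_h { |e| [e, [hd_allowed?(e, allowed_hd), hd_allowed_naive?(e, allowed_hd)]] }
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |email, (exact, naive)|
    puts format("%-38s exact=%-5s naive=%s", email, exact, naive)
  end
end
```
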

Niels

Mar 18, 2020, 7:10:47 PM
to BigBlueButton-dev
Great Ahmad, it works perfectly now! Maybe this detail would be nice to include in the instructions, I guess.

Ahmad Farhat

Mar 19, 2020, 9:13:12 AM
to BigBlueButton-dev
Yeah, I'll add it to the docs when I get a chance. Thanks for trying it out.

Xenos D

Jul 2, 2020, 7:28:25 AM
to BigBlueButton-dev
Hi Niels,

Like you, I am trying to authenticate my users using Azure AD, instead of Office 365.
Following the mentioned guidelines (allowing anyone, not only my tenant) worked, but I didn't manage to filter out irrelevant domains.
If I leave the field OFFICE365_HD= blank, then I have my users authenticated through Azure AD, as they should. But when I set OFFICE365_HD=mydomain.com, then I get errors.
Any idea (I do not have any O365 licenses)?

Since Greenlight works with O365 through Azure AD, I suppose it is pretty easy to add Azure AD as an individual OAuth2 authentication method.

Matias Silva

Jul 2, 2020, 8:02:58 AM
to bigblueb...@googlegroups.com
Hi,

Please use
https://groups.google.com/forum/#!forum/bigbluebutton-greenlight for
your question.

---
Thanks, Matias
