
Unable to authenticate possibly due to Okta SSO / MFA

Open sandemi1 opened this issue 3 years ago • 1 comments

We suspect Okta's authentication service is preventing us from logging into SharePoint O365. Looking for a solution that allows us to log in to SharePoint O365 through Okta's MFA service.

Python app response with correct/incorrect password and/or correct/incorrect user id:

Enter id: smithjo1
Enter password:
Connecting with id: [email protected]

*** Exception (ERPY-1.0.3) ***
*** Unable to upload file to SharePoint: MobaXterm Sessions7.mxtsessions
*** error: Token request failed. Invalid server response
*** exception: Token request failed. Invalid server response (<class 'sharepy.errors.AuthError'>)
*** function: uploadSharepoint() at line 62
*** source: sp = sharepy.SharePointSession("https://company.sharepoint.com", auth)
Token request failed. Invalid server response
Unable to upload file to SharePoint: MobaXterm Sessions7.mxtsessions

XML from Microsoft federation service: https://login.microsoftonline.com/[email protected]&xml=1

<RealmInfo Success="true">
<State>3</State>
<UserState>2</UserState>
<Login>[email protected]</Login>
<NameSpaceType>Federated</NameSpaceType>
<DomainName>company.net</DomainName>
<FederationGlobalVersion>-1</FederationGlobalVersion>
<AuthURL>https://company.okta.com/app/office365/<removed>/sso/wsfed/passive?username=smithjo1%40company.net&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=</AuthURL>
<IsFederatedNS>true</IsFederatedNS>
<STSAuthURL>https://company.okta.com/app/office365/<removed>/sso/wsfed/active</STSAuthURL>
<FederationTier>0</FederationTier>
<FederationBrandName>company</FederationBrandName>
<AllowFedUsersWLIDSignIn>false</AllowFedUsersWLIDSignIn>
<Certificate>TUlJRG1qQ0NBb0tnQX...<removed>...</Certificate>
<MEXURL>https://company.okta.com/app/office365/<removed>/sso/wsfed/mex</MEXURL>
<PreferredProtocol>1</PreferredProtocol>
<EDUDomainFlags>0</EDUDomainFlags>
<CloudInstanceName>microsoftonline.com</CloudInstanceName>
<CloudInstanceIssuerUri>urn:federation:MicrosoftOnline</CloudInstanceIssuerUri>
</RealmInfo>

Python app source code snippet:

import requests
import sharepy

# g.username / g.password are defined elsewhere in the application
auth = sharepy.auth.SharePointADFS(username=g.username, password=g.password)
auth.login_url = "https://login.microsoftonline.com/extSES.srf"
sp = sharepy.SharePointSession("https://company.sharepoint.com", auth)

Thank you.

sandemi1, Feb 17 '22 13:02
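
A triage helper for the RealmInfo response quoted in the issue above, added here as an example (not code from sharepy or from the issue's author): it parses the XML and reports whether the domain is federated and which hosts serve the sign-in endpoints. The function name `describe_realm`, the sample XML and the `APP_ID` placeholder (the page redacts the real segment) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the response in the issue; APP_ID is a
# placeholder for the path segment the page shows as <removed>.
SAMPLE_REALM_XML = """<RealmInfo Success="true">
<State>3</State>
<NameSpaceType>Federated</NameSpaceType>
<DomainName>company.net</DomainName>
<AuthURL>https://company.okta.com/app/office365/APP_ID/sso/wsfed/passive?wa=wsignin1.0&amp;wctx=</AuthURL>
<STSAuthURL>https://company.okta.com/app/office365/APP_ID/sso/wsfed/active</STSAuthURL>
<MEXURL>https://company.okta.com/app/office365/APP_ID/sso/wsfed/mex</MEXURL>
</RealmInfo>"""


def describe_realm(xml_text):
    """Summarise a RealmInfo document: which party authenticates this domain?"""
    # The response is remote input: refuse DTDs so entity expansion cannot occur.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in realm info")
    root = ET.fromstring(xml_text)
    if root.tag != "RealmInfo" or root.get("Success") != "true":
        raise ValueError("not a successful RealmInfo response")

    def text(tag):
        node = root.find(tag)
        return node.text.strip() if node is not None and node.text else None

    def host(tag):
        url = text(tag)
        parts = urlsplit(url) if url else None
        # Report only https endpoints; anything else is treated as absent.
        return parts.hostname if parts and parts.scheme == "https" else None

    namespace = text("NameSpaceType")
    return {
        "domain": text("DomainName"),
        "namespace": namespace,
        "federated": namespace == "Federated",
        "active_sts_host": host("STSAuthURL"),  # the .../wsfed/active URL
        "passive_sso_host": host("AuthURL"),    # the .../wsfed/passive URL
        "mex_host": host("MEXURL"),
    }


if __name__ == "__main__":
    for key, value in describe_realm(SAMPLE_REALM_XML).items():
        print(f"{key}: {value}")
```
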

Probably want to authenticate using OAuth instead, which I don't think is currently supported

karimabuseer, Feb 21 '22 16:02