Entra ID (Azure AD) auth not working - internal server error

Open amirukg opened this issue 7 months ago • 9 comments

When I attempt to log in using a Microsoft account, successfully passing the Auth window and MFA, I see "internal server error".

Steps to reproduce the behavior:

  1. Go to the MeshCentral login page
  2. Click "Microsoft icon"
  3. Fill the Authentication form with Login and password, pass MFA.
  4. See error

I expected to log in to MeshCentral under my Entra ID account.

Screenshots: image

Server Software

  • OS: Ubuntu 22.04
  • Virtualization: Hyper-V
  • Network: Meshcentral server is after NAT
  • Version: 1.1.24
  • Node: 20.15.0

Client Device

  • Device: Laptop
  • OS: Windows 11
  • Network: Local to Meshcentral, Internet to Meshcentral
  • Browser: Google Chrome, Edge

Additional context

meshcentral-data/mesherrors.txt has errors:

InternalOAuthError: Failed to obtain access token
    at OAuth2Strategy._createOAuthError (/root/node_modules/passport-oauth2/lib/strategy.js:423:17)
    at /root/node_modules/passport-oauth2/lib/strategy.js:177:45
    at /root/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:196:18
    at ClientRequest.<anonymous> (/root/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:166:7)
    at ClientRequest.emit (node:events:519:28)
    at TLSSocket.socketErrorListener (node:_http_client:500:9)
    at TLSSocket.emit (node:events:519:28)
    at emitErrorNT (node:internal/streams/destroy:169:8)
    at emitErrorCloseNT (node:internal/streams/destroy:128:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

My Azure app settings:

API permissions: image

Redirect URI: image

config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. E>
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "mydomain.example",
    "WANonly": true,
    "_LANonly": false,
    "_sessionKey": "mysessionkey",
    "port": 443,
    "aliasPort": 20443,
    "redirPort": 80,
    "redirAliasPort": 80
  },
  "domains": {
    "": {
      "title": "MeshCentral",
      "title2": "Title2",
      "minify": true,
      "newAccounts": false,
      "_userNameIsEmail": true,
      "authStrategies": {
        "azure": {
          "_callbackurl": "https://mydomain.example:20443/auth-azure-callback",
          "newAccounts": true,
          "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
          "clientid": "myclientID",
          "clientsecret": "myclientsecret",
          "tenantid": "mytenantID"
        }
      }
    }
  },
  "letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "[email protected]",
    "names": "mydomain.example",
    "skipChallengeVerification": false,
    "production": true
  }
}

amirukg, Jun 28 '24 09:06
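
The `__comment1__` line in the posted config.json says that values and sections starting with an underscore are ignored. The following added example (not from the issue and not MeshCentral's own code) lists which keys of that config are disabled this way and what remains of the `azure` strategy. `splitIgnoredKeys` is a hypothetical helper, the sample is constructed from the placeholder values above, and applying the rule at every nesting level is an assumption.

```javascript
// Constructed sample: the relevant parts of the config.json posted above,
// using the same placeholder values.
const sampleConfig = {
  settings: { cert: "mydomain.example", port: 443, aliasPort: 20443, _sessionKey: "mysessionkey" },
  domains: {
    "": {
      newAccounts: false,
      _userNameIsEmail: true,
      authStrategies: {
        azure: {
          _callbackurl: "https://mydomain.example:20443/auth-azure-callback",
          newAccounts: true,
          _newAccountsUserGroups: ["ugrp//xxxxxxxxxxxxxxxxx"],
          clientid: "myclientID",
          clientsecret: "myclientsecret",
          tenantid: "mytenantID"
        }
      }
    }
  }
};

// Hypothetical helper (assumption: the underscore rule applies at any depth).
// Returns the config without underscore-prefixed keys, and records the path
// of every key that was dropped in `ignored`.
function splitIgnoredKeys(node, path = [], ignored = []) {
  if (Array.isArray(node)) {
    const items = node.map((v, i) => splitIgnoredKeys(v, [...path, String(i)], ignored).effective);
    return { effective: items, ignored };
  }
  if (node === null || typeof node !== "object") return { effective: node, ignored };
  const effective = {};
  for (const [key, value] of Object.entries(node)) {
    const here = [...path, key];
    if (key.startsWith("_")) {
      ignored.push(here.join("/")); // the whole subtree under this key is dropped
      continue;
    }
    effective[key] = splitIgnoredKeys(value, here, ignored).effective;
  }
  return { effective, ignored };
}

const { effective, ignored } = splitIgnoredKeys(sampleConfig);
console.log("Ignored keys:", ignored);
console.log("Effective azure strategy:", effective.domains[""].authStrategies.azure);
```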