phpSPO icon indicating copy to clipboard operation
phpSPO copied to clipboard

Published 20 hours ago verified publisher icon vgrem

Can't set it up.

Open sqpp opened this issue 3 years ago • 8 comments

Hey,

So I was setting up this, however, it seems to return some fatal error for some reason to me.

What I did was uploading the vendor folder, but for now, I was rather using the examples and then modify the paths accordingly.

Nevertheless I receive the following error:

Notice: Undefined offset: 1 in /home/simtracker/public_html/devtest/Settings.php on line 8

Notice: Undefined offset: 2 in /home/simtracker/public_html/devtest/Settings.php on line 11

Fatal error: Uncaught Error: Call to a member function getContent() on null in /home/simtracker/public_html/devtest/vendor/vgrem/php-spo/src/Runtime/Auth/SamlTokenProvider.php:161 Stack trace: #0 /home/simtracker/public_html/devtest/vendor/vgrem/php-spo/src/Runtime/Auth/SamlTokenProvider.php(107): Office365\Runtime\Auth\SamlTokenProvider->acquireSecurityToken('', NULL) #1 /home/simtracker/public_html/devtest/vendor/vgrem/php-spo/src/Runtime/Auth/AuthenticationContext.php(72): Office365\Runtime\Auth\SamlTokenProvider->acquireToken(Array) #2 /home/simtracker/public_html/devtest/vendor/vgrem/php-spo/src/SharePoint/ClientContext.php(76): Office365\Runtime\Auth\AuthenticationContext->acquireTokenForUser('', NULL) #3 /home/simtracker/public_html/devtest/UploadFile.php(22): Office365\SharePoint\ClientContext::connectWithUserCredentials('https://darkelv...', '', NULL) #4 {main} thrown in /home/simtracker/public_html/devtest/vendor/vgrem/php-spo/src/Runtime/Auth/SamlTokenProvider.php on line 161

My settings are correct, although I am not sure what should be the redirectURL?

How could I fxi this error?

sqpp avatar Aug 11 '20 14:08 sqpp

I am also experiencing this. Valid credentials, can login via URL, but not through the API. same Error. Call to a member function getContent() in the same file

wisnetmark avatar Aug 26 '20 20:08 wisnetmark

Here also this "call to a member function GetContent() on null" error, but on a different line:

PHP Fatal error: Uncaught Error: Call to a member function getContent() on null in /home/im/Documents/src/sharepoint/vendor/vgrem/php-spo/src/Runtime/Auth/SamlTokenProvider.php:129 Stack trace: #0 /home/im/Documents/src/sharepoint/vendor/vgrem/php-spo/src/Runtime/Auth/SamlTokenProvider.php(78): Office365\Runtime\Auth\SamlTokenProvider->acquireSecurityToken() #1 /home/im/Documents/src/sharepoint/vendor/vgrem/php-spo/src/Runtime/Auth/AuthenticationContext.php(75): Office365\Runtime\Auth\SamlTokenProvider->acquireToken() #2 /home/im/Documents/src/sharepoint/ConnectOnline.php(22): Office365\Runtime\Auth\AuthenticationContext->acquireTokenForUser() #3 {main} thrown in /home/im/Documents/src/sharepoint/vendor/vgrem/php-spo/src/Runtime/Auth/SamlTokenProvider.php on line 129 I'm on v2.4.2.

ivomans avatar Oct 05 '20 12:10 ivomans

After adding a print_r($response); on line 123 of file src/Runtime/Auth/SamlTokenProvider.php I've learned:

Office365\Runtime\Http\Response Object ( [StatusCode:protected] => 200 [Content:protected] => <?xml version="1.0" encoding="utf-8"?><S:Envelope ... <S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x800434D4</psf:value><psf:internalerror><psf:code>0x800434D4</psf:code><psf:text>AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access ''.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope> ) Does this library support multi-factor authentication?

ivomans avatar Oct 05 '20 12:10 ivomans

Had a very similar issue in the same area and kept getting "getContent() on null" which drove me nuts all day until I came across this post (after upgrading/downgrading phpSPO multiple times). Hopefully can get more error handling so we can see the error without having to put in the "print_r($response);". Here is what was being returned that caused my code to break (sanitized of any identifiers of course) ...

Office365\Runtime\Http\Response Object
(
    [StatusCode:protected] => 200
    [Content:protected] => Senderwst:FailedAuthenticationAuthentication Failure: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
)

jehap avatar Oct 19 '20 21:10 jehap

Greetings!

it appears the encountered authentication errors could be summarized into the following categories:

Conditional access

Cause: Conditional Access feature is enabled for the end customer account in Azure Active Directory

Error details: Authentication failed: S:Senderwst:FailedAuthenticationAuthentication Failure: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

Resolution:

  1. adjust blocking rules, e.g. exclude user from the existing blocking rules. Refer official documentation for a details
  2. switch to sign-in with App-Only policy (recommended), refer this wiki page for the step by step instruction

Multi-factor authentication (MFA)

Cause: The request requires the user to do multi-factor authentication and then send this new token back to Web API and complete the on-behalf-of flow. MFA was enabled by triggering a rule if some action (e.g. sudden location change) was treated as "risky activity". For an account there is a "moved to a new location" flag that can get set, automatically triggering the need for MFA, even if it was initially off

Error details: AADSTS50076: Due to a configuration change made by your administrator or because you moved to a new location, you must use multi-factor authentication to access

Resolution:

  1. If you do face this, check the conditional access locations in Azure AD and check if your AAD admin can clear the flag. Disable MFA for the account or configure conditional access to give access to "Global Admin" role.
  2. switch to sign-in with App-Only policy (recommended), refer this wiki page for the step by step instruction

vgrem avatar Oct 20 '20 10:10 vgrem

Hi, tried to switch to App-Only policy. But still i get an error.

use Office365\Runtime\Auth\ClientCredential;
use Office365\SharePoint\ClientContext;

$settings['Url']            = "https://<our-site>.sharepoint.com";
$settings['ClientId']       = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX';
$settings['ClientSecret']   = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';

try {
    $credentials = new ClientCredential($settings['ClientId'], $settings['ClientSecret']);
    $ctx = (new ClientContext($settings['Url']))->withCredentials($credentials);

    $whoami = $ctx->getWeb()->getCurrentUser();
    $ctx->load($whoami);
    $ctx->executeQuery();
    print $whoami->getLoginName();
}
catch (Exception $e) {
	echo 'Authentication failed: ',  $e->getMessage(), "\n";
}

Error: Authentication failed: {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"de-DE","value":"Attempted to perform an unauthorized operation."}}}

floeffler-dimabay avatar Sep 22 '21 09:09 floeffler-dimabay

Turns out to be an issue with newer SharePoint online tenants. After creating a new App i got a step further. New error: Invalid token type.

The following parameter musst be set then with powershell: set-spotenant -DisableCustomAppAuthentication $false

The auth went fine then...

A documentation what to todo, to get it working with the new Azure Apps method, would be greats so.

floeffler-dimabay avatar Sep 22 '21 14:09 floeffler-dimabay

Got the same issue with Sharepoint APP Authentication. Is there a setting from phpSPO to set this:

The following parameter musst be set then with powershell: set-spotenant -DisableCustomAppAuthentication $false

Dadinos avatar Nov 09 '21 14:11 Dadinos