davidjrh/dnn.azureadprovider

Azure AD roles map and synchronize with DNN roles

maduranga001 opened this issue · 5 comments

I am using a free Azure version, so I can use only the default Azure AD roles. I created a new role on DNN and mapped on the "ROLE MAPPINGS". But I cannot see the DNN user has updated with the role.

Please, can you advise me on how to work with this?

Thank you!

To set up role sync, you have to set up the Graph API App on the "Advanced settings" and check the Role Sync checkbox.

I've got a problem with Profile sync
I enabled this feature, in Graph Client I set

  • Application Id
  • Secret key
    with the same values used in General Settings

I've this error

DotNetNuke.Authentication.Azure.Components.Graph.GraphClient - Error Calling the Graph API: 
{
  "error": {
    "code": "UnknownError",
    "message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
    "innerError": {
      "date": "2021-07-16T12:11:31",
      "request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69",
      "client-request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69"
    }
  }
}
System.Net.WebException: Error Calling the Graph API: 
{
  "error": {
    "code": "UnknownError",
    "message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
    "innerError": {
      "date": "2021-07-16T12:11:31",
      "request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69",
      "client-request-id": "714dbf91-9c1f-4dbd-a2f7-58cd233e0a69"
    }
  }
}
   at DotNetNuke.Authentication.Azure.Components.Graph.GraphClient.SendGraphRequest(String api, String query, String body, GraphApiVersion apiVersion, HttpMethod httpMethod)
   at DotNetNuke.Authentication.Azure.Components.Graph.GraphClient.GetUserProfilePictureMetadata(String userId)

Is there a way to solve?

Sounds like a permissions issue with the application. If you are going to use the same application for both the delegated and graph API background API calls, ensure that:

  • You added the required delegated permissions
  • You added the required "application" scope permissions and granted them for the organization. In the current version, there are calls to the Azure AD Graph API and the Graph API, so you must add permissions to both Graph APIs until the next release when only the Graph API will be used (see #39)

Hello. I am working to set up Azure AD as an authentication for multiple portals in my installation (09.04.03). I have the AAD App Registration configured, and am able to create the user when logging in via authenticator for the first time on the host portal. I also created Roles in AAD with group associations, and mapped these in the provider. However, the roles are not added when creating the user.
The Graph API settings are set per the documentation, using the App ID and Secret. I have Graph API User.Read set in API Permissions. The roles appear to be in the sent token (they are in the Manifest). Are there other Graph API permissions, or do roles in DNN need to be configured differently in order for them to map properly (ex. Role Groups, not Global Roles)?

Starting with v4.1.0, Azure AD Graph is no longer used. Now Microsoft Graph is used for all the API calls. Please check the upgrading instructions and Graph API permissions mentioned on the release:

https://github.com/davidjrh/dnn.azureadprovider/releases/tag/v4.1.0
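
A diagnostic for the permission problems discussed in this thread, added here as an example and not taken from the issue or from the provider's code: it decodes an access token's claims and reports which Graph API it targets, whether it carries application permissions (`roles` claim) or only delegated ones (`scp` claim), and which required application permissions are absent. The `REQUIRED` list is a placeholder assumption to be replaced with the permissions named in the release notes, and the sample tokens are constructed and unsigned.

```python
import base64
import json

# Well-known audience values for the two APIs named in the thread.
MS_GRAPH = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
AAD_GRAPH = {"https://graph.windows.net", "00000002-0000-0000-c000-000000000000"}

# Placeholder (assumption): replace with the application permissions in the release notes.
REQUIRED = ["User.Read.All", "Group.Read.All"]


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token, required=REQUIRED):
    """Report the target API, the permission type, and missing app permissions."""
    claims = jwt_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    api = "Microsoft Graph" if aud in MS_GRAPH else "Azure AD Graph" if aud in AAD_GRAPH else "other"
    roles = set(claims.get("roles", []))         # application permissions (admin-consented)
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    kind = "application" if roles else "delegated" if scopes else "none"
    return {"api": api, "kind": kind, "missing": sorted(set(required) - roles)}


def make_sample(claims):
    """Build an unsigned, constructed token for the demo; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples: a consented app-only token, a delegated user token, and a
# client-credentials token issued before any application permission was granted.
GOOD = make_sample({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All", "Group.Read.All"]})
DELEGATED = make_sample({"aud": "https://graph.microsoft.com", "scp": "User.Read"})
UNCONSENTED = make_sample({"aud": "https://graph.windows.net"})

if __name__ == "__main__":
    for name, tok in [("good", GOOD), ("delegated", DELEGATED), ("unconsented", UNCONSENTED)]:
        print(name, diagnose(tok))
```

A token whose `kind` is `none` or `delegated` when the background sync expects `application` points to application permissions that were never added or never granted admin consent.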