CNMAESTRO Office 365 Guest Access portal problem

Hello to the forum

I have noticed that the addition of Office 365 in the access portal for Microsoft identity use in free login with cnMaestro 1.5.1 seems to have some problems, which I send to the forum in case someone catches the people that are supposed to answer my ticket.

I have used Azure to set up my login API with reply address: https://d1xnwgad42lfux.cloudfront.net/assets/views/office.html and with homepage URL: https://d1xnwgad42lfux.cloudfront.net/.
The user is redirected properly, but when trying to log in there is a redirection from https://login.microsoftonline.com/ to https://account.microsoft.com/account. This redirection is not happening, as the system informs the user that an internet connection is necessary for the redirection to be performed, and thus the access portal does not enable login with a Microsoft account. Maybe your button could be corrected in order to redirect to https://account.microsoft.com/account, which could resolve the problem. The login is not working either on PC or on mobile devices. Also, the footer is not visible on PC, neither in Firefox nor in Chrome, unless I reduce the web page size to 75% of its original size.
Finally, on Android there is always a warning about a non-secure connection to the portal redirection, where you have to state that you agree to proceed even with this security problem.

Hi,

For Office 365 we internally add the initial domains required for the Office 365 login into the whitelist on the device, which are "secure.aadcdn.microsoftonline-p.com" and "login.microsoftonline.com". You still need to add the domains on which your Microsoft account is hosted. If it's on a Microsoft-provided server then you will need to add "account.microsoft.com" into the whitelist. Under the Office 365 config on the cnMaestro guest portal you will find an option to add the whitelist entries. Once you add them and hit save, the new values are pushed to the device. If during the whole login process you still get redirected to another domain then please add that too. I believe the first one itself should be sufficient for it to get working.

Best Regards,

Kunal 

Hello

I have followed your instructions and got the whitelist with all the redirections. After adding your 2 addresses and the third that I was referred to, I am having a redirection directly to account.microsoft.com, and when I add my username I am redirected to the same screen.

I am not able to log in. Since the procedure exists from 1.5.1 on, there is no one else who has tested around. Can you please test locally and let me know what procedure I have to follow exactly?

The reply address, for example, is not enabled for copy/paste in cnMaestro and this might lead to some mistakes if not copied correctly manually, although I don't believe it's a problem.

Hi,

This was tested locally here and works fine. I believe all the domains required are whitelisted. Looks like the App ID is not configured properly. Also, the copy of the Reply URL in cnMaestro has an issue in Mozilla Firefox; please try in the Chrome browser. Please find the attachment for configuring the Office 365 App ID and using cnMaestro.

Actually, by using only secure.aadcdn.microsoftonline-p.com or no whitelist at all, I am redirected now to this:

https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=319183dc-eac8-4b7f-a067-bbe8c2759b4f&redirect_uri=https%3A%2F%2Fd1xnwgad42lfux.cloudfront.net%2Fassets%2Fviews%2Foffice.html&state=9465f476-3001-40ba-8c73-2e739c25ad7d&client-request-id=fbc3780b-69e1-4c8e-9c76-92d3716bddb4&x-client-SKU=Js&x-client-Ver=1.0.14&nonce=986fec62-02ef-4144-9137-6dbcf5ce45c1

When the whitelist is not applied I am redirected to the address below, where I get a white screen only, right after inserting my username, which is my email address:

https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIARXOO0jDQACA4VyTxtpBi4O4CCIdRLkkl16aXEVBK_jCJ9XBLXe5s7VtEprU1u6CoxQnNzs66iKuioiTozg5ijg6iJO6_NM3_GkVaYaG8KSMNFTI5hBBTs5jkLvMgZjaArpG3oaUcoeZtkUoFo2hdOb46PHnfvRs9Xo6qX52e-QGgGcA3gG4TGStf8ypCU3HyUHsehxS2yUQEcotYdpEIPyaGNyYa8Zl8z9Bo9Lh53LWpAYyOCXQtoSAWBg2dFyOIXUEYwbJMcrRlayyoF4P_BcZPCvgQxlOgYw0MjAmTfQZciGVUjNgRBqTvhXQS_6N-uY43DiZXOhePLx93SnSU1KvrQXeXt7YCqsreKpUdDrt0uKS2A7XG_M63VzesXdDr7iJD4JSdYYU0KmqPqmJlei2f7Ycx2FU0HUPtf3WvuthsyaabY3VgqYnGoEfaz6PdTeKeBzphxXeivRAiArjWjmu134B0&uaid=fac879851dc44b94b33b0506ec92a239&pcexp=&username=gerkios%40yahoo.com&popupui=

I don't have any specific domain to add to my Microsoft account.

The two addresses which I mentioned are already taken care of internally by cnMaestro and you don't have to add them explicitly. The only thing you needed was the third address, account.microsoft.com, where your account seems to be managed. I would suggest you go to https://login.microsoftonline.com/ from your regular machine which has Internet access, and when you give your Office 365 business account email ID, check which domain you are redirected to and then add those domains into the whitelist.

Try the Google Chrome browser for cnMaestro and you should be able to copy/paste the reply URLs.

I hope this helps.

Best Regards,

Kunal

I will try this solution then. Thanks for the info with Firefox and cnMaestro...

https://login.live.com/login.srf

I have to be redirected there and the whitelist doesn't work properly for this, so I get a white screen...

So the app is OK now but some setting in my cnMaestro, maybe the whitelist, creates the problems.

Hello Kunal,
I have followed what Kunal has instructed me and I think that the problem is based on the whitelisting procedure.
I am adding my web page at www.gnems.gr or https://www.gnems.gr/ and they don't pass through the whitelist as they should.
So does the redirection of my login to Microsoft to login.live.com.
Actually, the two sites behave differently.
The gnems.gr redirects to the access portal while login.live.com redirects properly, but then you get a white screen.
Both, although, seem not to work properly as they should if they were in the whitelist, which means that they should always be provided with access from the AP whether or not the user has successfully connected to the AP.

It works properly if internet has been given to the PC or the mobile device, so it's not a problem of internet locally, a device problem, or a browser problem.

I cannot find out how you DID make it work on your side.
I have to finish with this, as I am preparing an installation with 7 E500 for public WiFi, and having all ways of login to the public WiFi adds a special character to my work.

Thanks

I have noticed that the whitelist asks for an IP address and thus I have tried my web site with its IP. It works OK in the whitelist now and thus I have tried also for login.live.com at 131.253.61.???.

It redirects but still gives a white screen, like not allowing something to pass through.

Hello Kunal

I have noticed that there is a whitelist under WLAN --> Guest Access and also in Services --> Guest Access Portal.

Which should be the one that includes the whitelist redirection addresses you have reported in your earlier responses? Maybe both. I have not added them to the WLAN but only to Services.

Also, I am including a shared folder on Dropbox with a video of the problem in all three browsers and two Wireshark exports, for a successful login with Google+ and the unsuccessful one with Microsoft.

I suppose they have already been transferred to the engineers by Kimmi.

https://www.dropbox.com/sh/0xgmos6828t0fw3/AADbkoVchGU-eKC2iZhfeBtFa?dl=0

Hi,

The whitelist under WLAN -> Guest Access is used when you are using onboard Guest Access. For cnMaestro guest access please use the whitelist provided in Services. I just tested one live account with my test app and these are the domains which I had in my whitelist settings:

1. *.live.com

2. login.microsoftonline.com

3. auth.gfx.ms

If things still don't work then please follow these steps:

1. Connect a wireless client, open a Firefox browser and use some URL to get the login page.

2. Now open the developer options by clicking on the rightmost option in the browser and select Web Console from it. Once you have the Web Console for this window, select "Network" in the console window, which is the rightmost item in the console window.

3. In the Network window you will be able to see all the network operations being performed. You will also see that for each HTTP operation it also lists the "Method", "File", "Domain", etc.

4. Ensure that all the domains shown here are part of the whitelist.

Another thing you can do at step 4 is to connect back to another network which gives you Internet access, perform the login from this login page, and make notes of all the domains which are accessed from the web console. Once you have the full list and your login goes through, just add them into the whitelist in Services -> Guest Portal.

Always start your wireless client tests by disabling its WiFi network and enabling it back, and then connect it to the desired network. Sometimes the devices tend to use cached DNS entries which have expired, and things might not work as expected.

Best Regards,

Kunal
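As an added illustration of step 4 above (this is not part of the thread and not cnMaestro's own tooling): the hostnames copied out of the browser's Network tab are checked against the device's built-in entries plus the Services -> Guest Portal whitelist, including the `*.live.com` wildcard. The request lines are constructed for the example, and the wildcard semantics (an entry covers subdomains only, and must not be matched by a bare suffix test) are an assumption about how such an entry should be interpreted.

```python
from urllib.parse import urlsplit

# Constructed request lines in the "Method URL" shape one would copy out of the
# Firefox Network tab; they are made up for this example, not a real capture.
CAPTURED_REQUESTS = [
    "GET https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token",
    "GET https://secure.aadcdn.microsoftonline-p.com/ests/2.1/content/cdnbundles/ux.js",
    "GET https://login.live.com/login.srf?wa=wsignin1.0",
    "GET https://auth.gfx.ms/16.000.28114.5/images/Microsoft_logo.png",
    "POST https://account.microsoft.com/account",
]

# Domains the device adds by itself (from the first reply in this thread) and
# the portal whitelist from the later reply.
DEVICE_BUILTIN = ["secure.aadcdn.microsoftonline-p.com", "login.microsoftonline.com"]
PORTAL_WHITELIST = ["*.live.com", "login.microsoftonline.com", "auth.gfx.ms"]


def host_of(url):
    """Hostname only: scheme, port, path and query do not matter for the whitelist."""
    return (urlsplit(url).hostname or "").lower()


def matches(host, entry):
    """True if host is covered by one whitelist entry.

    Assumed wildcard semantics: "*.live.com" covers subdomains of live.com only.
    A bare endswith("live.com") would also accept "notlive.com", so the check
    keeps the leading dot and requires at least one label in front of it.
    """
    entry = entry.lower()
    if entry.startswith("*."):
        suffix = entry[1:]                       # ".live.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == entry


def missing_domains(requests, whitelist):
    """Hosts seen in the capture that no whitelist entry covers, sorted."""
    hosts = {host_of(line.split(None, 1)[1]) for line in requests if " " in line}
    return sorted(h for h in hosts if not any(matches(h, e) for e in whitelist))


if __name__ == "__main__":
    for host in missing_domains(CAPTURED_REQUESTS, DEVICE_BUILTIN + PORTAL_WHITELIST):
        print("add to Services -> Guest Portal whitelist:", host)
```

With the constructed capture the only uncovered host is `account.microsoft.com`, which is exactly the entry the earlier reply said had to be added by hand; dropping the built-in list from the check also surfaces `secure.aadcdn.microsoftonline-p.com`, which shows why the portal whitelist alone looks incomplete in the Network tab.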

Hello Kunal

Followed the instructions and definitely moved one step forward, but stuck again with a funny message:

Sign In
Sorry, but we're having trouble signing you in.

We received a bad request.

Additional technical information:
Correlation ID: 0e95b613-11b8-4759-b282-dc7faee97bde
Timestamp: 2017-08-08 21:09:38Z
AADSTS50020: We are unable to issue tokens from this api version for a Microsoft account. Please contact the application vendor as they need to use version 2.0 of the protocol to support this.

Note that I am not testing with an Outlook account but with my Yahoo email that I bound to my Microsoft account. I have to test it with an Outlook account, I suppose, as any Microsoft account should be of this kind.

Is it possible to understand what the message says? Is it something that has to do with my API setup maybe?

I have added those domains also, FYI:

*.live.com

login.microsoftonline.com

auth.gfx.ms

secure.aadcdn.microsfotonline-p.com

byfiles.storage.msn.com

directory.services.live.com

Thanks
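Added example, not from the thread or from cnMaestro: the authorize URL posted earlier in this thread, parsed to show which Azure AD endpoint the app is using, since the AADSTS50020 text says a Microsoft account needs version 2.0 of the protocol. The path shapes used to tell the versions apart (`/oauth2/authorize` for v1.0, `/oauth2/v2.0/authorize` for v2.0) and the extra hygiene checks on `redirect_uri`, `state` and `nonce` are this example's own assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Authorize URL as posted earlier in this thread (the thread's own values).
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token"
    "&client_id=319183dc-eac8-4b7f-a067-bbe8c2759b4f"
    "&redirect_uri=https%3A%2F%2Fd1xnwgad42lfux.cloudfront.net%2Fassets%2Fviews%2Foffice.html"
    "&state=9465f476-3001-40ba-8c73-2e739c25ad7d"
    "&client-request-id=fbc3780b-69e1-4c8e-9c76-92d3716bddb4"
    "&x-client-SKU=Js&x-client-Ver=1.0.14"
    "&nonce=986fec62-02ef-4144-9137-6dbcf5ce45c1"
)

# Reply address registered for the app (from the first post in the thread).
REGISTERED_REPLY_URL = "https://d1xnwgad42lfux.cloudfront.net/assets/views/office.html"


def inspect_authorize_url(url, registered_reply_url):
    """Break an Azure AD authorize request into the pieces that matter here."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    # Assumed path shapes: v1.0 is /<tenant>/oauth2/authorize,
    # v2.0 is /<tenant>/oauth2/v2.0/authorize.
    version = "v2.0" if "v2.0" in segments else "v1.0"
    query = parse_qs(parts.query)            # parse_qs percent-decodes the values

    def first(key):
        return query.get(key, [""])[0]

    return {
        "host": parts.hostname,
        "tenant": segments[0] if segments else "",
        "endpoint_version": version,
        "response_type": first("response_type"),
        "client_id": first("client_id"),
        "redirect_uri": first("redirect_uri"),
        "redirect_uri_matches_registration": first("redirect_uri") == registered_reply_url,
        "has_state": bool(first("state")),
        "has_nonce": bool(first("nonce")),
    }


def findings(info):
    """The checks a portal admin would run on the parsed request."""
    out = []
    if info["endpoint_version"] == "v1.0":
        out.append("v1.0 endpoint: a personal Microsoft account is rejected with AADSTS50020; "
                   "only work/school accounts can sign in unless the app moves to v2.0")
    if not info["redirect_uri"].startswith("https://"):
        out.append("redirect_uri is not https")
    if not info["redirect_uri_matches_registration"]:
        out.append("redirect_uri differs from the registered reply address")
    if info["response_type"] == "id_token" and not info["has_nonce"]:
        out.append("id_token requested without a nonce (replay protection missing)")
    if not info["has_state"]:
        out.append("no state parameter (CSRF protection missing)")
    return out


if __name__ == "__main__":
    for line in findings(inspect_authorize_url(AUTHORIZE_URL, REGISTERED_REPLY_URL)):
        print("finding:", line)
```

Run against the URL from the thread, the only finding is the v1.0 endpoint: the reply address matches the registration and both `state` and `nonce` are present, so the "bad request" is about which protocol version the registered app speaks, not about the whitelist.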

Hi,

Please try with accounts created on live.com or microsoftonline.com. We have not tested this kind of account with this feature. This feature has been mainly added for supporting Office 365 business and school accounts, and it also works for Microsoft Live and Outlook accounts too. Also, the application should be created on portal.azure.com.

Best Regards,

Kunal

Hello Kunal

I have created an account on outlook.com and again I have the same problem

Additional technical information:
Correlation ID: 1f7d2086-4113-40c7-adfe-c2927303f9a8
Timestamp: 2017-08-09 10:27:32Z

AADSTS50020: We are unable to issue tokens from this api version for a Microsoft account. Please contact the application vendor as they need to use version 2.0 of the protocol to support this.

In the Word document you attached a few days ago, your directions were to create the API in https://apps.dev.microsoft.com.

Now you tell me to go to Azure. It is not like in the Word instructions. Which is the correct one?

By adding the new address the results are the same as with the old one. The change in the behavior was made when I added *.live.com to the whitelist as well as the other domains, as per your instruction yesterday with the Firefox console.

So now with the two addresses, one of mine and one newly created, the system gives the same error which I have attached before.

I am waiting for your instructions.

As you may remember, I had it in Azure before you instructed me to go to Microsoft with your Word document.

The only way I know to do so is to get to Active Directory at App registrations.

Since this is totally different from your instructions in the Word document, please advise accordingly.

1. Should I delete my account from the Microsoft portal which I created according to the Word instructions before I migrated to Azure?

2. Can you send some details on where in Azure to create the API, similar to the ones from the previous Word document?

I was wondering if other people reading this topic have finally managed to make it through, or they have never tried it.

Thanks

Hello Kunal

Is this the procedure that I have to follow?

https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-microsoft-authentication

Not to hijack this thread but I have a question on the Office 365 Access portal.

The access is only for users that are part of the domain of the owner, I suppose.

i.e. if I have my account in xyz.com and I go to company qwerty.com, I can't use my xyz.com credentials, correct?

Thanks

Yes csalcedo, you are correct; this feature is meant for that purpose only.

Best Regards,

Kunal

I have attached a document that contains updated information compared to the one you have. Please refer to that instead. This Office 365 guest access support is meant to support Office 365 business and school accounts only, and supporting any Live/MSN accounts is not part of this feature. Its main objective is to allow people from a single organization to sign in using the app which should be created by that organization. Live/MSN accounts use a different API which is not supported by Office 365 login.
 
Best Regards,
Kunal