Skip to main content

We were using Jamf Connect with Azure/Entra for about a year without issue, it's only used on a small number of clients and I'm unsure how often the computers are actually used, but at the moment none permit authentication.


I've trimmed down the config to the barebones, and even recreated the app registration in Entra without any change.


Any user attempting to sign in sees Invalid Response Code 401 from https://login.microsoftonline.com and it gets no further.


The original working plist for jamf.connect.login included, the following, but has been well trimmed down to just app registration IDs and secrets without any change.


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AllowNetworkSelection</key>
<true/>
<key>BackgroundImage</key>
<string>/usr/local/share/jc.jpg</string>
<key>CreateAdminUser</key>
<false/>
<key>CreateJamfConnectPassword</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>LoginWindowMessage</key>
<string>DU Welcome</string>
<key>Migrate</key>
<false/>
<key>OIDCAdminAttribute</key>
<string>roles</string>
<key>OIDCClientID</key>
<string>ABC</string>
<key>OIDCClientSecret</key>
<string>ABC</string>
<key>OIDCIgnoreCookies</key>
<true/>
<key>OIDCLocalAuthButton</key>
<string>CIS Login</string>
<key>OIDCNewPassword</key>
<false/>
<key>OIDCProvider</key>
<string>Azure</string>
<key>OIDCROPGID</key>
<string>ABC</string>
<key>OIDCRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>OIDCTenant</key>
<string>XYZ</string>
<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCAdmin</key>
<array>
<string>Administrator</string>
</array>
</dict>
</plist>

Hello
Have you try run it in the config app, that come with Jamf connect pkg?

Using the app, the test fails saying provider unable to be contacted 

Unable to load your identity provider


The identity provider for your system is unable to be contacted. Check network settings or contact technical support.

Here is mine, that working in hybrid mode


com.jamf.connect: https://pastebin.com/epwhT4at
com.jamf.connect.login: https://pastebin.com/63xw0iEn

have you try follow this?
https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Integrating_Jamf_Connect_with_Microsoft_Azure_AD.html

Thanks for that, do you know where you get this from entra?




  1. <key>ROPGDiscoveryURL</key>



  2. <string>https://adfs.esis.dk/adfs/.well-known/openid-configuration</string>


Thanks for that, do you know where you get this from entra?




  1. <key>ROPGDiscoveryURL</key>



  2. <string>https://adfs.esis.dk/adfs/.well-known/openid-configuration</string>



no, I use ADFS infront of mine Azure

Thanks for that, do you know where you get this from entra?




  1. <key>ROPGDiscoveryURL</key>



  2. <string>https://adfs.esis.dk/adfs/.well-known/openid-configuration</string>



try this guide
https://hcsonline.com/support/white-papers/how-to-configure-jamf-connect-with-microsoft-azure

edit
its a old guide

according to entra, authentication is fine - showing success against the app

Using the app, the test fails saying provider unable to be contacted 


@pchrichard were you ever able to resolve this?  I am just starting to implement Jamf Connect now and I am encountering this exact thing.

Reply


Terms & ConditionsCookie settings