Jamf Connect 2.12.0 Now Available

We have FileVault enabled at first Login, using Jamf Pro config profile, not the Jamf Connect Login profile.
Updated to 2.12.0, and now the screen goes black after entering the IdP credentals. The "enable FileVault" pops-up on the black screen. Press OK, and FV does it thing, the screen goes black again, and after 40 seconds the Desktop appears. If I set the FV to enable at logout, this does not happen.

When using 2.11, we can see the backgroud image as defined in the Jamf Connect Login profile, and there is a progress bar that says something like "we are creating your account"

Users that updates to 2.12.0 are getting a pop-up (from the Jamf menu item) to re-login with there Azure credentials but get all the error: 

Incorrect network username or password. Try again.
Error from request to URL: https://login.microsoftonline.com/7675ce5b-......

ERROR: Unknown error. Message: AADSTS900144: The request body must contain the following parameter: 'resource'.

Trace ID: e5c06e8c-2706-.....

Correlation ID: 6dfccc4e-e8a3-.....

Timestamp: 2022-05-04 13:45:00Z, STATUS: 400

They enter the correct password, but the login message keeps coming.

How do we solve this?

We are having the exact same problem. Currently, we are rolling users back to 2.11 and that is getting them working again. Wondering if there is an update to the config needed that we are not aware of.

Hey @jxxsmith, what did you do to rollback to 2.11? If we do it in Jamf Pro in the Jamf Connect Deployment and Update Settings it keeps giving the status 'Pending'. I think rollback is not supported in there.
I also tried to follow the possible fix but that is not working for us: Jamf Connect Error Codes - Travelling Tech Guy
Search for error: AADSTS900144

We also got this error message. I had to unscope deploying any version of JC in the Global settings, then rescope 2.11, you can't downgrade so this won't fix it fully. So then I built a policy that deployed the JC uninstaller and JC 2.11 installer to reinstall 2.11. 

I think I have narrowed down the issue to setting Azure as the provider, if it is changed to Custom, it will work. At least so far in my testing. 

I got this from Slack Admin Connect Channel and it has worked for us without having to rollback. 

For anyone seeing this issue with error code AADSTS900144 - if you are using Azure as your identity provider, do NOT define OIDCDiscoveryURL or ROPGDiscoveryURL. Use the default Azure discovery URL’s.

Microsoft will be deprecating the v1 endpoint for the discovery URLs soon. 2.12 is using the new v2 discovery URLs.

If you absolutely must define the discovery URL, use a format like the following:
https://login.microsoftonline.com/TENANT_ID/v2.0/.well-known/openid-configuration

Note the v2.0 in the URL. All I did was edit out existing COnfig and added a v2.0 and updated all effected users. 

Thank you for your reply!

We are using Azure as the provider in the PLIST only we have not defined the OIDCDiscoveryURL and ROPGDiscoveryURL.
But do we need to set this anyway? Because I read in the last part of your post your organisation has defined this?

Once again thank you for helping.

Two main issues after upgrading to JC 2.12:
1 - JC Finder menu showing negative password expiry date initially until JC is restarted
2 - Login background turning black and overwriting the CP's custom settings

Regarding issue 2, as we're seing this too. It seems to be related to the FileVault config profile, at least for us it is.

We have the same setup; Azure and no OIDCDiscoveryURL and ROPGDiscoveryURL defined.
We're not getting the error AADSTS900144 or anything, except for an issue with black login backgroud, the IdP login works as expected.

We're not rolling out version 2.12 to our production environment. Two glitches too far! 

Same here, I only have it on test for now...

We have also no OIDCDiscoveryURL or POPGDiscoveryURL defined but getting this error. 

Im still searching for a working solution to avoid rollback.

How can we downgrade to 2.11? If we deploy the .PKG in a policy it says the 2.11 package is installed but version 2.12 is still on the system.
If we do it in Jamf Pro in the Jamf Connect Deployment and Update Settings it keeps giving the status 'Pending'. I think rollback is not supported in there.

Hi

I just found this script to uninstall JC... testing now but looks good. As soon as there is no JC it should install the tageted version in Jamf Applications.

Hi @LeafarM , I don't see any script in your post.
Thank you anyway for helping!

https://github.com/jamf/JamfConnectUninstall

I am getting ROPG errors - I rolled back to 2.11.0.  I created a rollback policy that runs the Uninstall pkg, then runs the 2.11.0 pkg.  Also noted that if re-installing I had to add a sudo killall "Jamf Connect" command so it does not interrupt the user.  I did post to our user base of Jamf Connect will appear for a second but then it will end and all that is needed is to relaunch it.  It was an ugly method, but it was the only thing I can do in a situation in which a multitude of users was impacted with the 2.12.0 release.

If anyone is having issues with Azure after upgrading to 2.12-2.14, please check out my post here.

@LeafarM I was getting the AADSTS900144 error and removed my discovery url properties as well. That just made my error go generic, with Azure saying the login was successful.

TL;DR: you need to remove your Client Secret & Client Secret (Hybrid) properties as well.

I finally just set the error on the Password Verification Sucess Codes list. I know this ist not the best way but it worked aswell ;). I ll give your solution a try, thank you!