Help

Invalid Response Code: 401

pchrichard
Contributor

Posted on ‎01-08-2025 08:24 AM

We were using Jamf Connect with Azure/Entra for about a year without issue, it's only used on a small number of clients and I'm unsure how often the computers are actually used, but at the moment none permit authentication.

I've trimmed down the config to the barebones, and even recreated the app registration in Entra without any change.

Any user attempting to sign in sees Invalid Response Code 401 from https://login.microsoftonline.com and it gets no further.

The original working plist for jamf.connect.login included, the following, but has been well trimmed down to just app registration IDs and secrets without any change.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AllowNetworkSelection</key>
<true/>
<key>BackgroundImage</key>
<string>/usr/local/share/jc.jpg</string>
<key>CreateAdminUser</key>
<false/>
<key>CreateJamfConnectPassword</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>LoginWindowMessage</key>
<string>DU Welcome</string>
<key>Migrate</key>
<false/>
<key>OIDCAdminAttribute</key>
<string>roles</string>
<key>OIDCClientID</key>
<string>ABC</string>
<key>OIDCClientSecret</key>
<string>ABC</string>
<key>OIDCIgnoreCookies</key>
<true/>
<key>OIDCLocalAuthButton</key>
<string>CIS Login</string>
<key>OIDCNewPassword</key>
<false/>
<key>OIDCProvider</key>
<string>Azure</string>
<key>OIDCROPGID</key>
<string>ABC</string>
<key>OIDCRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>OIDCTenant</key>
<string>XYZ</string>
<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCAdmin</key>
<array>
<string>Administrator</string>
</array>
</dict>
</plist>

0 Kudos
Reply
10 REPLIES 10

RaxiaDK
Contributor III

Posted on ‎01-08-2025 12:05 PM

Hello
Have you try run it in the config app, that come with Jamf connect pkg?

0 Kudos
Reply

pchrichard
Contributor

Posted on ‎01-09-2025 01:35 AM

Using the app, the test fails saying provider unable to be contacted 

0 Kudos
Reply

jamiesmithJAX
Contributor
In response to pchrichard

a month ago

@pchrichard were you ever able to resolve this?  I am just starting to implement Jamf Connect now and I am encountering this exact thing.

0 Kudos
Reply

pchrichard
Contributor

Posted on ‎01-09-2025 01:36 AM

Unable to load your identity provider

The identity provider for your system is unable to be contacted. Check network settings or contact technical support.

0 Kudos
Reply

RaxiaDK
Contributor III

Posted on ‎01-09-2025 01:45 AM

Here is mine, that working in hybrid mode

com.jamf.connect: https://pastebin.com/epwhT4at
com.jamf.connect.login: https://pastebin.com/63xw0iEn

Reply

RaxiaDK
Contributor III

Posted on ‎01-09-2025 01:47 AM

have you try follow this?
https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Integrating_Jamf_Connect...

0 Kudos
Reply

pchrichard
Contributor

Posted on ‎01-09-2025 01:51 AM

Thanks for that, do you know where you get this from entra?

  1. <key>ROPGDiscoveryURL</key>
  2. <string>https://adfs.esis.dk/adfs/.well-known/openid-configuration</string>
0 Kudos
Reply

RaxiaDK
Contributor III
In response to pchrichard

Posted on ‎01-09-2025 01:53 AM

no, I use ADFS infront of mine Azure

0 Kudos
Reply

RaxiaDK
Contributor III
In response to pchrichard

‎01-09-2025 01:55 AM - edited ‎01-09-2025 01:57 AM

try this guide
https://hcsonline.com/support/white-papers/how-to-configure-jamf-connect-with-microsoft-azure

edit
its a old guide

0 Kudos
Reply

pchrichard
Contributor

Posted on ‎01-09-2025 02:29 AM

according to entra, authentication is fine - showing success against the app

0 Kudos
Reply
li.common.scroll-to.top