Jamf Nation Community

Did either of you ever get this resolved?

I would also like to hear a response, as I am experiencing this same problem now. 6 months after the last post on this thread.

Has anyone figured this out yet?

When logging in make sure that the proper browser is selected and that the browser plugin is installed and active.

I've witnessed this looping behavior occur if the IdP is waiting for the Jamf Connect Login client to provide the key

<key>OIDCClientSecret</key>

as part of the authentication process. While the error log may specifically call out "body must contain the following parameter: ‘client_assertion’ or ‘client_secret’", the log may also return error code 401 despite Azure logging the authentication as successful.

I'm experiencing this issue in Jamf Connect 2.0. FV2 was ON and individual recovery keys were escrowed to JAMF.

Having the same issue on Jamf Connect 2.0. Using the same settings in a new configuration profile as with Jamf Connect 1.xx (where it is still working fine), but it keeps redirecting me back to the login page. I did notice you can login with a local account, while that actually should not work as it is not enabled in the configuration profile, aside from the fact that I'm authenticating to my IdP. Setting your client secret should not be necessary if you've set that option to "Use PKCE" within your IdP, so that shouldn't be the cause..

Update: I got it fixed. Had to set the “Require Network Authentication” key to “True” in my JCL's config profile and now it's not in a loop anymore.

I am also experiencing this issue trying to authenticate via Okta. I get the prompt for MFA and after completing it, the screen refreshes back to the JCL screen.

Having the same issue on Jamf Connect 2.0. Using the same settings in a new configuration profile as with Jamf Connect 1.xx (where it is still working fine), but it keeps redirecting me back to the login page. I did notice you can login with a local account, while that actually should not work as it is not enabled in the configuration profile, aside from the fact that I'm authenticating to my IdP. Setting your client secret should not be necessary if you've set that option to "Use PKCE" within your IdP, so that shouldn't be the cause.. Update: I got it fixed. Had to set the “Require Network Authentication” key to “True” in my JCL's config profile and now it's not in a loop anymore.

I have tried setting DenyLocal to true but the issue persists.

I am also experiencing this issue. Tried DenyLocal to true also but the issue persists here also. Tried using Use PKCE and setting a client secret and neither seems to change the behavior. Using Okta as the iDP.

I am late to the party. Think the issue is related to having AuthServer & OIDCAuthServer filled out. What I did with the Jamf Connect Config, is just leaving OIDCAuthServer blank and only fill out the Auth Server. If you're using a .plist is just have only AuthServer & get rid of <key>OIDCAuthServer</key>

I'm seeing this with 2.1.1 and Okta, but I don't have the OIDCAuthServer key set, and still get this...

This is my .plist, which it's working fine with 2.1.1, so maybe check if you're missing one key or try and use the same setup?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <dict> <key>AuthServer</key> <string>xxx.okta-emea.com</string> <key>BackgroundImage</key> <string>/usr/local/images/xxx.jpg</string> <key>CreateAdminUser</key> <true/> <key>DenyLocal</key> <true/> <key>EnableFDE</key> <true/> <key>HelpURLLogo</key> <string/> <key>LocalFallback</key> <false/> <key>LoginLogo</key> <string>/usr/local/images/xxx.png</string> <key>LoginScreen</key> <true/> <key>OIDCClientID</key> <string>xxxxxxxxxxxx</string> <key>OIDCDefaultLocal</key> <false/> <key>OIDCIgnoreAdmin</key> <true/> <key>OIDCProvider</key> <string>Okta</string> <key>OIDCRedirectURI</key> <string>xxxxxx</string> </dict>
</plist>

Update - I ran into this issue and worked with Support. Oddly enough, removing any entries not being used in the Config Profile resolved this issue for us with JamfConnect Login and JamfConnect. I would suggest edit the config profile, erase and re-enroll your test device to fully test.

@AdamM01 Removing any entries not being used in the config profile means by de-selecting them / unticking them, so they won't become visible as an empty setting in the plist. Also, is your "“Require Network Authentication" key set to True?

Experienced the same issue. 

Worked:

Removing the access ID from the .plist and only using the Admin ID. 

I will test a new config profile and create it for the access ID. 

The redirect URIs need to be the same! (Solution) Based on the training video it had diff ones

I know I'm late to this party. We are authenticating to Azure/O365 and occasionally see this as well. Sometimes it's as simple as switching to different internet like a hotspot and then it connects and authenticates again. I've certainly looked at all of the suggestions here as well. I have been able to log in and create a new account when other existing accounts aren't working. My most recent fix was to delete the user account and leave the home folder in place then sign in with the user's email address let it create the new account and find the old home folder. Fortunately all files and apparently user preferences were there afterward. In my case it appears there was some corruption in the local account. I think the same symptoms we see on the login loop could have multiple causes. Hope this helps someone in the future!