Jamf Connect + Onelogin: Unable to load Identity Provider

Flaurian
Contributor

Hello :) 

I'm still struggling with Jamf Connect while testing OneLogin. I'm using the latest version of Jamf Configurator (2.9.0). Please note, for my test instance, I didn't configure MFA for OneLogin.

I don't know if it's the OIDCTenant or something else that is the reason it's not working, but I already tested these things for OIDCTenant.

Error message from Jamf Configurator: "Unable to load Identity Provider"

Error message from OneLogin: "OIDC authorization code for Jamf Connect FAILED"

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CreateJamfConnectPassword</key>
<true/>
<key>OIDCClientID</key>
<string>Onelogin-Client-ID</string>
<key>OIDCClientSecret</key>
<string>Secret</string>
<key>OIDCDiscoveryURL</key>
<string>https://<mycompanyname>.onelogin.com/oidc/2/.well-known/openid-configuration</string>
<key>OIDCIgnoreCookies</key>
<false/>
<key>OIDCProvider</key>
<string>OneLogin</string>
<key>OIDCROPGID</key>
<string>Onelogin-Client-ID</string>
<key>OIDCRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>OIDCTenant</key>
<string>Onelogin-Client-ID</string>
</dict>
</plist>

1 ACCEPTED SOLUTION

Thanks, @YanW, I finally solved it with the Jamf Support team. It looks like for me, they missed keeping the OneLogin documentation up to date.

In case you configured OneLogin as an OIDC connection, you have to change the authentication method to "POST", not to "none". Afterward, I got tokens, and I also configured ROPG / Discovery URL / Secret.
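
The difference between the "POST" and "none" settings named in the accepted solution, as an added example that is not part of the original post and not Jamf's or OneLogin's code: it builds the token-endpoint form body for each method from a constructed profile and flags a profile/IdP mismatch. It assumes "POST" and "none" correspond to the standard OIDC `client_secret_post` and `none` client authentication methods; `token_request` and `check_profile` are hypothetical helper names.

```python
import plistlib
from urllib.parse import urlencode

# Constructed sample profile: every value is a placeholder, not a real tenant.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>OIDCProvider</key><string>OneLogin</string>
<key>OIDCClientID</key><string>example-client-id</string>
<key>OIDCClientSecret</key><string>example-secret</string>
<key>OIDCRedirectURI</key><string>https://127.0.0.1/jamfconnect</string>
</dict></plist>"""

def token_request(profile, code, auth_method):
    """Form body a client sends to the token endpoint for a given auth method.

    Assumption: "POST"/"none" in the thread are the standard OIDC
    client_secret_post / none token-endpoint authentication methods.
    """
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": profile["OIDCRedirectURI"],
        "client_id": profile["OIDCClientID"],
    }
    if auth_method == "client_secret_post":
        # Confidential client: the secret travels in the POST body.
        form["client_secret"] = profile["OIDCClientSecret"]
    elif auth_method != "none":
        raise ValueError(f"unsupported auth method: {auth_method}")
    # With "none" the client is public and sends no secret at all.
    return urlencode(form)

def check_profile(profile, idp_auth_method):
    """Return findings where the profile and the IdP app setting disagree."""
    has_secret = bool(profile.get("OIDCClientSecret"))
    findings = []
    if has_secret and idp_auth_method == "none":
        findings.append("profile has OIDCClientSecret, IdP app expects no secret")
    if not has_secret and idp_auth_method == "client_secret_post":
        findings.append("IdP app expects a secret, profile has no OIDCClientSecret")
    return findings

if __name__ == "__main__":
    profile = plistlib.loads(SAMPLE_PLIST)
    for method in ("none", "client_secret_post"):
        print(method, "->", token_request(profile, "SAMPLE_CODE", method))
        print("  findings:", check_profile(profile, method))
```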

6 REPLIES

YanW
Contributor III

We put MFA even though it's not configured. We tried one thing at a time, using the most basic configuration; in the end, we removed the DiscoveryURL and Secret.

	<key>ROPGSuccessCodes</key>
	<array>
		<string>MFA</string>
	</array>

  

Thanks for your answer, but if I remove "DiscoveryURL and Secret" I'm unable to sign in to OneLogin. I already tested adding "MFA" as ROPGSuccessCodes, but no chance - same result.

 

YanW
Contributor III

What was your OIDC test result in the Jamf Connect Configuration? We use the most basic setup. 

 

jbresee
New Contributor III

Thanks for posting this! 

It helped me fix my configuration. I was getting an error with Jamf Connect that was corrected by switching from NONE to POST on the OneLogin side.

You rock!!

Prabhu
New Contributor

Hello Everyone, 

When we signed in to the Jamf Connect menu bar, we got an MFA error. Does anyone have an idea about this error?

Attached the screenshot for reference. 
