How to Implement Microsoft Entra ID Registration with OpenID

Antonio_Opromol
Contributor II

Hi, 

I've updated my XIQ-SE + ExtremeControl to the latest version

xiq-se_version.PNG

and I'm trying How to Implement Microsoft Entra ID Registration with OpenID 

I've configured the Captive Portal for Entra ID registration and the test is successful

caprive portal conf for web user entra id.PNG

I've added the NAC rule:

nac rule.PNG

But on the client, when I press the button "Sign in with Microsoft", nothing happens (network login and Register as Guest work instead).

captive portal.PNG

 

How can I debug what's the problem?

9 REPLIES 9

Zdeněk_Pala
Extreme Employee

The communication is between the web browser on the client and Microsoft.  Setting "Allowed Sites" in the ExtremeControl is used when the traffic is proxied through the Access Control Engine. I do not expect any behavior change if you change the "Allowed Sites" list.

Regards Zdeněk Pala

Antonio_Opromol
Contributor II

I want to add the result of a new test I've made: I've added the following domains to the allowed websites: msauth.net and office.com, and now if I type https://login.microsoftonline.com in the browser of the unauthenticated client, I'm redirected to the login page of Office 365, and after entering the username and password I'm logged in to Office 365.

Instead, if I press the button for Window auth on the NAC authentication page of the Captive Web Portal, nothing happens...

Can you elaborate more on "nothing happens"? The button should open Microsoft web. Are you waiting long enough to see a 404 page, in case your policy is blocking the traffic? When you do a packet capture on the client, what is happening? Do you see a connection attempt from the web browser?

As a troubleshooting step, you can permit all HTTPS traffic (HTTP will be redirected to the captive portal, but HTTPS will not be blocked). You can eliminate the problem with policy definition.

Can you also check that you can reach the Microsoft pages from the access control engine?

Regards Zdeněk Pala

Hi Zdenek,

I've modified the configuration in my lab so that I now redirect to the ExtremeControl Captive Portal with PBR, but the behavior is still the same. In Wireshark on the client, when I click on the Log in with Microsoft button nothing happens (it seems there is no code bound to the button, but surely the problem is in my case because in yours it works).

Can I debug the code/script that is under this button on the portal page?
