How to Implement Microsoft Entra ID Registration with OpenID

Antonio_Opromol
Contributor II

Hi, 

I've updated my XIQ-SE + ExtremeControl to the latest version

xiq-se_version.PNG

and I'm trying How to Implement Microsoft Entra ID Registration with OpenID 

I've configured Captive Portal for Entra ID registration and the test is successful

caprive portal conf for web user entra id.PNG

I've added the nac rule:

nac rule.PNG

But on the client, when I press the "Sign in with Microsoft" button, nothing happens (network login and Register as Guest work instead).

captive portal.PNG

 

How can I debug what's the problem?

9 REPLIES 9

Hi Antonio.

I did not test the Entra ID with PBR.

Regarding troubleshooting/debugging, I suggest opening a GTAC ticket.

 

Regards Zdeněk Pala

Hi Zdenek,

When I press the "Sign in with Microsoft" button, in my Wireshark session on the client I don't see DNS requests for any Microsoft websites. It seems that there is no redirection to the Microsoft login page, and I don't see client connections to Microsoft websites at all.

In my configuration for the redirection I use the "Proxy DNS" method because my lab router (pfSense) does not seem to work with PBR.

Antonio_Opromol
Contributor II

Hi Ryan and Zdenek,

I've added login.microsftonline.com to the allowed URL and domain in the network settings and allowed web of the captive portal

allowed_domains.PNG

allowed_web_sites.PNG

but when I click on the Microsoft login button, the redirection to the Microsoft site doesn't happen.

If I try to go to https://login.microsoftonline.com in the client's web browser, I get a redirect page, but it is empty:

loginmicrosofonlien_page.PNG

Probably I didn't put the allowed web site in the correct format... How can I debug the problem more deeply?

Zdeněk_Pala
Extreme Employee

both the Access Control Engine and the client must have access to the Microsoft 

Regards Zdeněk Pala

Ryan_Yacobucci
Extreme Employee

Hello,

Are you allowing client traffic out to Microsoft through the walled garden on the policy on the controller or switch?

The button should redirect the client out to login.microsoftonline.com, if the client has access to this resource blocked.

Thanks
-Ryan
