Connecting to SharePoint site other than the root with certificate fails #541
The problem is in the It needs to pass only the first part of the base_url (the "root") to AuthenticationContext. It is passing the entire url that it is passed. So, for example, if I pass I fixed this by modifying client_context.py:
with this code:
Greetings, thank you for catching this bug!
since Meanwhile you could consider the following workaround: explicitly specify
from office365.sharepoint.client_context import ClientContext

# test_team_site_url is a placeholder for the full URL of the target site
cert_settings = {
    'client_id': '--your app client id goes here--',
    'thumbprint': "--thumbprint of certificate goes here--",
    'cert_path': '--path to a PEM encoded certificate private key--',
    'scopes': ['https://{tenant}.sharepoint.com/.default']
}
ctx = ClientContext(test_team_site_url).with_client_certificate('{tenant}.onmicrosoft.com', **cert_settings)
current_web = ctx.web.get().execute_query()
print("{0}".format(current_web.url))
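The workaround above pins the scope to the tenant root rather than the site path, which is what the AADSTS500011 error in this issue is about. The following is an added example, not code from the library or from this thread: it derives that root scope from any site URL and rejects URLs a bearer token should not be sent to. The function names `resource_root`, `default_scopes` and `build_cert_settings` are hypothetical, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit


def resource_root(site_url: str) -> str:
    """Return the https://host root of a SharePoint site URL.

    Azure AD identifies the resource principal by this root, so a path such
    as /sites/MySite must not end up in the resource or scope.
    """
    parts = urlsplit(site_url.strip())
    if parts.scheme.lower() != "https":
        raise ValueError("site URL must use https: %r" % site_url)
    if parts.username or parts.password:
        raise ValueError("credentials in the URL are not allowed: %r" % site_url)
    host = parts.hostname  # lower-cased, with port and userinfo stripped
    if not host:
        raise ValueError("site URL has no host: %r" % site_url)
    return "https://" + host


def default_scopes(site_url: str) -> list:
    """Build the '.default' scope list for the tenant root of site_url."""
    return [resource_root(site_url) + "/.default"]


def build_cert_settings(site_url, client_id, thumbprint, cert_path):
    """Assemble the keyword arguments used in the workaround above."""
    return {
        "client_id": client_id,
        "thumbprint": thumbprint,
        "cert_path": cert_path,  # PEM file holding the private key
        "scopes": default_scopes(site_url),
    }


if __name__ == "__main__":
    # Constructed sample URLs, matching the placeholder tenant in this issue.
    for url in ("https://mytenant.sharepoint.com",
                "https://mytenant.sharepoint.com/sites/MySite"):
        print(url, "->", default_scopes(url))
```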
A new version has been released:
@denicomp Could you tell me how you generated the PowershellPnP.pem file? I tried to use the .cer file by:
openssl x509 -in cert.cer -out cert.pem
The .cer comes from .\Create-SelfSignedCertificate.ps1 in https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
Then I got the error "Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm". Could you tell me if there is any difference between yours and mine?
I am trying to use certificate authentication.
If I connect to the root of my SharePoint, it works. But if I try to connect to any specific site, it gets an error. But both work through PowerShell.
Example - this is PowerShell using the cert in a .pfx file, connecting to the root (https://mytenant.sharepoint.com)
Connect-PnPOnline -Url https://mytenant.sharepoint.com -Tenant mytenant.onmicrosoft.com -ClientId 5fa2148c-d484-444a-bcf1-db632a0fed71 -CertificatePath 'PowershellPnp.pfx' -CertificatePassword $(ConvertTo-Securestring -string "MyCertPassword" -AsPlainText -Force)
Now I change it to connect to https://mytenant.sharepoint.com/sites/MySite
Connect-PnPOnline -Url https://mytenant.sharepoint.com/sites/MySite -Tenant mytenant.onmicrosoft.com -ClientId 5fa2148c-d484-444a-bcf1-db632a0fed71 -CertificatePath 'PowershellPnp.pfx' -CertificatePassword $(ConvertTo-Securestring -string "MyCertPassword" -AsPlainText -Force)
Still works.
Now I try to do the same thing through Python. First the root https://mytenant.sharepoint.com
This connects without error.
However, if I change the site to https://mytenant.sharepoint.com/MySite:
I get this error:
ValueError: {'error': 'invalid_resource', 'error_description': 'AADSTS500011: The resource principal named https://mytenant.sharepoint.com/sites/MySite was not found in the tenant named mytenant. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant
I might consider what that error says, but I can connect to that site using the certificate method through PowerShell. So there should be no problem or other requirements to connect to it through Python, no?