BLOCK_GUEST_USERS error: Guest User Denied
Hello!
I have recently implemented django-auth-adfs and it works beautifully with my Azure AD whenever BLOCK_GUEST_USERS is False. I would like to set it to True, as I am a Member user and not a Guest within the system, but whenever I do it gives me these errors from the debug log:
INFO 2021-08-27 12:18:04,844 django_auth_adfs Guest user denied
Unauthorized: /oauth2/callback
This leads to the Login Failed html page.
Here are my settings as well:
AUTH_ADFS = {
    'AUDIENCE': config("MICROSOFT_AD_CLIENT_ID"),
    'CLIENT_ID': config("MICROSOFT_AD_CLIENT_ID"),
    'CLIENT_SECRET': config("MICROSOFT_AD_CLIENT_SECRET"),
    'CLAIM_MAPPING': {'first_name': 'given_name', 'last_name': 'family_name', 'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': config("MICROSOFT_AD_TENANT_ID"),
    'RELYING_PARTY_ID': config("MICROSOFT_AD_CLIENT_ID"),
    'LOGIN_EXEMPT_URLS': ['/login', '^$'],
    "BOOLEAN_CLAIM_MAPPING": {"is_staff": "user_is_staff"},
    "BLOCK_GUEST_USERS": True,
}
I checked the docs to see what the error might be and tried this:
Whether guest users of your Azure AD is allowed to log into the site. This is validated by matching the http://schemas.microsoft.com/identity/claims/tenantid-key in the claims towards the configured tenant.
but it seems like schemas.microsoft.com/identity/claims/<my-tenant-id> no longer exists. Thanks, any advice on a fix would be greatly appreciated!
Works like a charm, really appreciate it!
Thank you!
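When BLOCK_GUEST_USERS rejects a login, decoding the access token's payload shows which tenant claim it actually carries and whether that value equals the configured tenant. This is an added example, not code from django-auth-adfs or from the original issue; the function names, the extra check of the short `tid` claim and the sample tenant id are assumptions of the example.

```python
import base64
import json

# Claim key quoted in the docs excerpt above.
DOCS_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"
# Short tenant claim found in Azure AD JWTs; checking it here is this example's
# own choice, not something the page says the library does.
SHORT_CLAIM = "tid"


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError) as exc:
        raise ValueError("not a decodable JWT") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def tenant_report(token, tenant_id):
    """Compare each tenant claim in the token with the configured tenant."""
    claims = decode_claims(token)
    report = {}
    for key in (DOCS_CLAIM, SHORT_CLAIM):
        if key not in claims:
            report[key] = "absent"
        elif str(claims[key]).lower() == tenant_id.lower():
            report[key] = "match"
        else:
            report[key] = "mismatch"
    return report


def make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    TENANT = "11111111-1111-1111-1111-111111111111"  # constructed value
    print(tenant_report(make_token({"tid": TENANT, "upn": "a@example.com"}), TENANT))
```

A report of "absent" for the long claim key alongside "match" for `tid` means the token names the tenant under a different key than the one the docs excerpt describes.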