This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Getting Error
ValueError: Unsupported soap action: None. Contact your administrator to check your ADFS's MEX settings. when trying to acquire token from Azure Active Directory using MSAL
The following is the snippet used to get token
client_id='xxxxx10e6-xxx-456d-xxx-xxxxae7e60xxx'
scope = ['https://graph.microsoft.com/.default']
authority_url = 'https://login.microsoftonline.com/' + tenant_id
import msal
app = msal.ConfidentialClientApplication(client_id=client_id,authority=authority_url)
msal_token = app.acquire_token_by_username_password(username='xxxxxx@xxxxxx .com',password='xxxxxxxx', scopes=scope)
print(msal_token)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Mohammed Sohail ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta
Hi @Mohammed Sohail ,
Thanks for reaching out.
I understand you are trying to get access token through Resource Owner Password Credential (ROPC) flow using Confidential client application class but getting the error.
I have never come across this error before. Are you migrating your application from ADAL to MSAL?
But based on the snippet you mentioned, you are using confident client with ROPC flow which is technically supported but not by any of the official SDK's.
If you wish to use the confidential client, then it must be included the client_secret which is missing in above snippet and scope should be passed as space separated list of permissions.
Sample code using public client application with ROPC flow: https://github.com/Azure-Samples/ms-identity-python-desktop/blob/master/1-Call-MsGraph-WithUsernamePassword/username_password_sample.py
ROPC flow with required parameters: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc#authorization-request
Hope this will help.
Thanks,
Shweta
-----------------------------------
Please remember to "Accept Answer" if answer helped you.
Thanks for your reply and I appreciate your time
Logically the sample is similar to the code which i have written, But I still tried the following as well and getting same error
Sample code using public client application with ROPC flow: https://github.com/Azure-Samples/ms-identity-python-desktop/blob/master/1-Call-MsGraph-WithUsernamePassword/username_password_sample.py
It seems like Active Directory Federation Service is blocking to Authenticate not sure how to Enable those settings of MEX in ADFS or at least if there is something which can bypass the Redirection to ADFS and get token.
Just for your Information I have tried acquiring of Access Token using SPN with both ADAL & MSAL libraries, that worked for me, As trying with user identity unable to do so and getting ADFS error and somewhere in Microsoft documentation I have read that MSAL is recommended to use instead of ADAL.
From the above error, it seems authentication request is going to ADFS Server, do you have access to ADFS server to check whether MEX endpoint is enabled or not ?
Is it possible to use another account where authentication is managed within Azure AD ?
Also if you have access to ADFS environment, you can run this command to check what endpoints are enabled
Get-AdfsEndpoint | ft -AutoSize
AD FS provides various endpoints for different functionalities and scenarios. Not all endpoints are enabled by default. To check if a particular endpoint is enabled / disabled:
Log-in to the AD FS server
Open AD FS Management
In the left navigation pane, select Service > Endpoints
Thanks,
Shweta
Thanks much @Shweta Mathur .This Makes sense for me, However I have tried to Authenticate with Azure AD which is not connected to OnPrem AD and that worked for me using MSAL. But just curious to know is there any possibility to Bypass ADFS and get token from Azure AD directly
To bypass ADFS, we need to understand how authentication is configured in your environment, just for one or few accounts its not feasible, bypassing ADFS needs lot of decision making in terms of authentication.
Refer to this https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn which helps understanding kind of authentication method to choose whether federated/managed depending on organization requirements.
What is federation - https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
Refer to these videos for more information related to authentication with ADFS/Azure AD -
https://www.youtube.com/watch?v=--KiPF5_ZSo
https://www.youtube.com/watch?v=CjarTgjKcX8
Thanks,
Shweta
---------------------------------------------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
