Hi

There seem to be some problems regarding the Microsoft SharePoint List reader accessing SharePoint Lists when there is 2FA activated.

Using FME 2020.1.1 Build 20608 the connector returns an Azure AD error AADSTS70011.

 

Using FME 2019.2.2.0 Build 19817 returns this error: Failed to retrieve feature types.

 

Microsoft SharePoint List Reader: Error authenticating via SAML. Verify that the username and password are correct, and that this is a SharePoint Online instance. Response message was: '200'

 

The log file: 

Creating reader for format: Microsoft SharePoint List
Trying to find a PYTHON plugin for reader named `SHAREPOINT'
Loaded Python module `sharepoint' from file `C:\Program Files\FME2019\python\python37\sharepoint\__init__.pyc'
Creating reader for format: Microsoft SharePoint List
Trying to find a PYTHON plugin for reader named `SHAREPOINT'
Loaded Python module `sharepoint' from file `C:\Program Files\FME2019\python\python37\sharepoint\__init__.pyc'
Microsoft SharePoint List Reader: Items Per Request format parameter is set to '5000'
Microsoft SharePoint List Reader: Logging into 'https://geonett.sharepoint.com/sites/Support' as 'birk.slipersaeter@geodata.no' using authentication mode 'SAML'
Microsoft SharePoint List Reader: SSL certificate verification failed for host 'geonett.sharepoint.com'. HTTPS connections may not be secure. Disabling verification of SSL certificates. Message: HTTPSConnectionPool(host='geonett.sharepoint.com', port=443): Max retries exceeded with url: /sites/Support (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)')))
Microsoft SharePoint List Reader: Error authenticating via SAML. Verify that the username and password are correct, and that this is a SharePoint Online instance. Response message was: '200'
A fatal error has occurred. Check the logfile above for details
Failed to obtain any schemas from reader 'SHAREPOINT' from 1 datasets. This may be due to invalid datasets or format accessibility issues due to licensing, dependencies, or module loading. See logfile for more information
UniversalReader -- readSchema resulted in 0 schema features being returned
Reader Parameter(0) = >https://geonett.sharepoint.com/sites/Support<
Reader Parameter(1) = >USER<
Reader Parameter(2) = >birk.slipersaeter@geodata.no<
Reader Parameter(3) = >PASSWORD<
Reader Parameter(4) = >********<
Reader Parameter(5) = >AUTHENTICATION<
Reader Parameter(6) = >SAML<
Reader Parameter(7) = >HIDDEN_LISTS<
Reader Parameter(8) = >No<
Reader Parameter(9) = >ALL_FIELDS<
Reader Parameter(10) = >No<
Reader Parameter(11) = >_MERGE_SCHEMAS<
Reader Parameter(12) = >YES<
Reader Parameter(13) = >RETRIEVE_ALL_TABLE_NAMES<
Reader Parameter(14) = >YES<
Reader Directive(0) = >RUNTIME_MACROS<
Reader Directive(1) = >USER,birk.slipersaeter@geodata.no,PASSWORD,********,AUTHENTICATION,SAML,HIDDEN_LISTS,No,ALL_FIELDS,No,_MERGE_SCHEMAS,YES,RETRIEVE_ALL_TABLE_NAMES,YES<
UniversalReader -- readSchema resulted in 0 schema features being returned
Failed to obtain any schemas from reader 'SHAREPOINT' from 1 datasets. This may be due to invalid datasets or format accessibility issues due to licensing, dependencies, or module loading. See logfile for more information

 

After turning off 2FA for a new user, it worked in FME 2019.2.2, but not FME 2020.1.1. Is it possible to access the SharePoint lists without deactivating the 2FA?

 

Kind regards,

Birk

 

Hi @birkslip

I know we communicated through support but I will add our conclusion here in case anyone else experiences the same thing.

We got this working with 2FA using the new web connection for SharePoint in FME Desktop 2020. I have now published an article that walks through how to set this up. The Microsoft SharePoint List Reader/Writer in 2019 doesn't have the option for a web connection, but the SharePointOnlineConnector transformer does. However, due to User Interface limitations, the Client Secret was always required and FME would always send it to Azure. As Microsoft doesn't trust public/desktop applications to keep a client secret (which FME is), it will reject connection attempts. In 2020.1 you'll see the web connection has the client secret as 'optional', and we don't send one.

 

Using the web connection in 2020 allows the user to enter the security code or check their device for the 2FA.

For 2019, turning off 2FA and using SAML auth works.
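For triaging logs like the one in the question, the following added example (not FME or Safe Software code, and not written by either poster) scans reader log text for the TLS-verification fallback, failed SAML logins and AADSTS codes. The sample log is constructed from the message formats quoted above with a placeholder host and user, and the finding codes are names chosen for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the reader messages quoted in the question.
# Host and user are placeholders; the last line is a constructed AADSTS line.
SAMPLE_LOG = """\
Microsoft SharePoint List Reader: Logging into 'https://example.sharepoint.com/sites/Demo' as 'user@example.com' using authentication mode 'SAML'
Microsoft SharePoint List Reader: SSL certificate verification failed for host 'example.sharepoint.com'. HTTPS connections may not be secure. Disabling verification of SSL certificates. Message: certificate verify failed: self signed certificate in certificate chain
Microsoft SharePoint List Reader: Error authenticating via SAML. Verify that the username and password are correct. Response message was: '200'
Connector returned Azure AD error AADSTS70011
"""

LOGIN = re.compile(r"Logging into '([^']+)' as '([^']+)' using authentication mode '([^']+)'")
TLS_OFF = re.compile(r"SSL certificate verification failed for host '([^']+)'.*"
                     r"Disabling verification of SSL certificates\. Message: (.*)")
AUTH_FAIL = re.compile(r"Error authenticating via (\w+)")
AADSTS = re.compile(r"\bAADSTS\d+\b")

def triage(log_text):
    """Return (line_no, code, detail) findings, in log order."""
    findings, logins = [], {}          # logins: host -> (user, mode)
    for no, line in enumerate(log_text.splitlines(), 1):
        if m := LOGIN.search(line):
            url, user, mode = m.groups()
            logins[urlsplit(url).hostname] = (user, mode)
        elif m := TLS_OFF.search(line):
            host, reason = m.groups()
            cause = "self-signed cert in chain" if "self signed" in reason else "other"
            findings.append((no, "TLS_VERIFY_DISABLED", f"{host} ({cause})"))
            # Assumption: SAML mode means the reader holds a username and
            # password (the log's USER/PASSWORD parameters), so the fallback
            # matters more than for a token-based web connection.
            if host in logins and logins[host][1] == "SAML":
                findings.append((no, "PASSWORD_LOGIN_WITHOUT_TLS_VERIFY",
                                 f"{logins[host][0]} -> {host}"))
        elif m := AUTH_FAIL.search(line):
            findings.append((no, "AUTH_FAILED", m.group(1)))
        for code in AADSTS.findall(line):
            findings.append((no, "AAD_ERROR", code))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A `TLS_VERIFY_DISABLED` finding is worth resolving at the trust-store level (adding the missing root certificate) rather than accepting the fallback, independently of the 2FA question.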