WAC Build 2311 in HA Not Authenticating w/ Entra AD Properly

Copper Contributor

Have a fresh install of WAC Build 2311 in HA, with Entra authentication enabled. When I try to log in as a domain user that does not have administrative privileges on the WAC gateways (but still falls under a regular User), I receive this error:

Method not found: 'Microsoft.IdentityModel.Tokens.SecurityKey Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.FindKeyMatch(System.String, System.String, Microsoft.IdentityModel.Tokens.SecurityKey, System.Collections.Generic.IEnumerable`1<Microsoft.IdentityModel.Tokens.SecurityKey>)'.

The user is listed in a group with the role Gateway User in Entra. 

This doesnt seem to have been a problem with the previous build before 2311.

I am able to log in with my admin account that is a Gateway Administrator (that is also in the local Administrators group). 

2 Replies

Just tested by rolling back to a fresh install of Build 2306 and it does not have the same issue.

I noticed some warning on Build 2311 about migrating to SPA when configuring the integration with Entra and also tried following the steps to migrate to SPA and got the same error in this thread when trying to login with a normal user account: https://techcommunity.microsoft.com/t5/windows-admin-center/update-to-admin-center-1-5-23-12-09001/m...

Seems like Build 2311 with Entra integration for 2FA is still not fully supported. I will have to roll back to Build 2306.

Hi, Thank you for the feedback and sorry about this issue. We are currently conducting an investigation into our identity model and RBAC. Please bear with us on this as we aim to improve this experience.