megatronic79

User+declined+to+consent+to+access+the+app. as the error states a User denied the consent to the app. You will need to consent in order to get a Token.

Cheers.

    KevinTheJedi

    Thats the prob thou, user cannot do that, it's sent to the admin for approval.

    When the approval is done BY the admin the user clicks on the return and redirects back to osticekts, however it seems you are dropping the client-side approval... hence the returned message from azure. The user cannot do any more than that, and all settings are applied on the azure side.

    I've tested this on two separate tenancies. if I turn of the approval flow it works as expected, when it's on this part breaks it doesn't appear you can complete the auth.

    megatronic79

    Yea that won't work, you'll need to allow them access to grant consent. We have some updates coming soon that shouldn't force prompt=consent which might help in your case. In the meantime you can download the plugin raw files from github, hydrate them, and make the change yourself to not force the prompt or you can wait for the next set of updates to be released.

    Cheers.

      @KevinTheJedi having a similar issue. After O365 auth is complete, i click 'save' and it gives this message. I've triple checked to verify imap/pop still enabled on the account and followed your guide for the O365 Aure AD application. A little stuck

        KevinTheJedi Whoops. Its Monday. Changing it to IMAP (still 993) gives "AUTHENTICATE failed." And this is after getting through the O365 auth process.

          travisn

          Then either you didn’t configure the App in Azure correctly which you can follow our documentation to ensure you did everything correctly or you need to contact MS for further assistance.

          Cheers.

            KevinTheJedi

            I changed consent to login and rehydrated, I can confirm it works as expected in this stricter setup.

            Thanks for your help, mate.

            KevinTheJedi

            this is the error that i am receiving
            /Osticket/scp/ajax.php/email/4/auth/config/mailbox/oauth2:msmail:1 Failed to load resource: the server responded with a status of 500 ()

            Request URL: https://"localserver"/osTicket/scp/ajax.php/email/4/auth/config/mailbox/oauth2:msmail
            Request Method: POST
            Status Code: 500
            Remote Address: **********:443
            Referrer Policy: strict-origin-when-cross-origin

            KevinTheJedi

            it worked for now with fresh installation of App and Plugin .

            now when configuring Remote Mailbox
            cannot connect to host ; error = fsockopen(): Unable to connect to outlook.office365.com:143 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) (errno = 0 )

            KevinTheJedi
            DvDaf

            Can confirm that this has not fixed my issue. I have been working with MS support as well, but they have not been able to see any issues with my app registration or other parts of the setup.

              DvDaf

              DvDaf

              Thank you so much. It worked for me.

              For future reference, I set up osTicket with IIS and Window Server 2019. I was struggling with this error because I wasn't too familiar with language in the php.ini file. As the solution, I removed the semicolon in the front of curl.cainfo to uncommented it.

              Kind regards,

              lstrom

              Your initial issue was that URL Rewriting is not enabled on your webserver or if it is it's not running correctly. Did you ever solve that issue?

              Cheers.

                KevinTheJedi

                Sorry, I do not mean to be obtuse. This is fairly new territory for me. I have looked at a number of other posts in these forums and I am seeing the rewrite rules that others have shown:

                Testing the "HTTP api" rule, I get the following result:

                So that seems to be in-line with the result of being sent to the main /portal page

                I'm guessing I may need to edit the rule to point to the agent panel or admin panel, is that thought in the right direction?

                  lstrom

                  No, we ship with web.config that your IIS should be loading but appears is not. You need to figure out why that file isn’t being loaded.

                  @ntozier Do you know how to force IIS to load the web.config properly?

                  Cheers.

                    KevinTheJedi

                    Okay, so the appearance of the rules does not indicate that the web.config file is loading. Good to know, thank you.