Generic OAuth2 redirects to homepage instead of logging in: Page 2

Generic OAuth2 redirects to homepage instead of logging in

reberhardt

Looking at other posts from KevinTheJedi about PHP support in IIS not being updated in the near future, I am going to recreate my setup in CentoOS and see if I have the same problems beings I am not that far into it.

cslob

reberhardt
I have another instance of osTicket on Ubuntu and have no issues with the oauth plugin. Still can’t get my IIS instance to work with oauth.

jorgesuazo

Dear All, @djelectro
I had the same problem, but I already solved it.
Researching and reading thousands of topics in the forum, I couldn't find the solution.
The problem is that version 1.17 of osTicket that is available for download has a blank .htaccess file (it only says "Deny from all").

I copied and pasted this:

Rewrite engine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.*/api)

Rewrite rule .* $ %1/http.php/$1 [L]

</IfModule>

And with this OAuth2 worked.
Check that the .htaccess has that configuration.

KevinTheJedi

jorgesuazo

That statement is untrue. Maybe you looked at the main .htaccess file but if you look at the one in the api/ folder you should see what you put in the “blank” one.

Cheers.

jorgesuazo

@"KevinTheJedi"
And why would it have worked when entering the data in the file that is in the root?
or what function does that file that is included in white serve?

KevinTheJedi

jorgesuazo

Not sure maybe your Apache instance isn't loading .htaccess in sub-folders? Anywho, this is what's in the api/.htaccess file (I just downloaded and checked to make sure):

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.*/api)

RewriteRule ^(.*)$ %1/http.php/$1 [L]

</IfModule>

Cheers.

aussied89

i found installing the cacert.pem cert in php helped & allowed me to login & editing the php.ini to allow

if like me i was setting up from the plugin module page instead of the remote mailbox which gave me the curl error which guided me on the path to correction 🙂

magdaj

aussied89 could you please share your successful implementation of sso in osTicket?

friendbg

Hi,

I've just upgraded our osTicket from 1.16 to 1.17.3 and enabled oauth2 plugin, but got the same situation like others here. With successful login oauth2 redirects me to the client site, not /scp/

I'm using nginx with php8.1 with OAuth2 - Other instance.
My nginx logs says 302 redirects from /scp/login.php to main domain.
Client id and client secret are correctly entered and User Identifier is set to username.

123.123.123.123 - - [21/Mar/2023:11:17:43 +0200] "GET /scp/login.php?do=ext&bk=oauth2.agent.p3i3 HTTP/1.1" 302 23 "https://domain.com/scp/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" 123.123.123.123 - - [21/Mar/2023:11:17:43 +0200] "GET /api/auth/oauth2?code=rSvtzpzcGeUpxEM9OrXjqCHSvOGa9Vyi0cyImnNF&state=d40d97187f42923b8172bf409192a2d1 HTTP/1.1" 302 23 "https://domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"

I'll be very happy if someone helps me with this.

Thank you

dolon

Make sure you use the latest version of the plugin. Also make sure the last part of the instance is left as is if you use google or azure. The documentation must be followed line by line.

friendbg

Hi,

I'm using version 0.6 of the plugin - I think this is the latest. Also I'm not using google or azure - I'm using our own oauth2 system which we use on other different systems with no issues. I'm attaching screenshot of the settings

Thanks

KevinTheJedi

friendbg

NGINX is not supported out of the box. It requires you to add a site config with all the appropriate rewrite rules. Either switch to a supported webserver (Apache, IIS, LiteSpeed) and retest or look at older threads on this Forum that contain the appropriate NGINX rules.

Cheers.

adamf

I've been scolling up and down this page for a while trying to find something to help get it working with keycloak. I too was redirected to the landing page after successfully logging in with keycloak. I finally found out my problem was that I didn't include openid in the scopes so the openid-connect/userinfo endpoint was not allowed.
After changing my scopes to "email profile roles openid" it all started working. The scopes must also be space separated for keycloak.

DobromirStoev

jw9000 Hi, i am using Control Panel, and the authentication with Microsoft365 is also not working. Sending me to the home page without the user to be logged in. Did you manage to find a solution?

DobromirStoev

Any one having experience hosting the system on Control Panel and having working OAuth2 with M365?

KevinTheJedi

DobromirStoev

Yes, of course; I do right now. I currently have these providers working with OAuth2 SSO: Microsoft, Google, Discord, and Okta.

You need to make sure you follow the guide exactly, step-by-step:

https://docs.osticket.com/en/latest/OAuth2/Microsoft%20Authentication%20(SSO)%20Guide.html

Cheers.

DobromirStoev

KevinTheJedi Hello Kevin, thank you for your reply. I am doing exactly as shown in the documentation, but after the login, I am sent to the home page. Maybe Control Panel is not supporting some redirects, I don't know, and I don't know which log to check. In Azure, the authentication is correct, but still, the user is not logged in to the system. The behavior is the same for users and agents.

msnowst

I see the same redirect. Working Oauth2 sign-in with Azure yesterday, redirect today.

KevinTheJedi

msnowst

Have you tried clearing your cache, cookies, and sessions and retesting?

Cheers.

cmd

Hello all.

If you're like me and are using the Caddy webserver, you need to create these rewrite rules manually. Here's what I'm using in my Caddyfile:

(route-file-server-or-rewrite) {
	# route based on the first argument to this snippet
	route {args[0]} {
		# invoke the file server, but pass through if the file doesn't exist
		file_server {
			pass_thru
		}
		# if the file wasn't found, rewrite the url with the remaining passed arguments
		rewrite {args[1:]}
	}
}

support.my-website.com {
	# root/php setup omitted for brevity.

	# the three paths osTicket expects to rewrite
	@api path_regexp api ^(.*/)?api/(.*)$
	@pages path_regexp pages ^(.*/)?pages/(.*)$
	@scp path_regexp scpapps ^(.*/)?scp/apps/(.*)$

	# import snippet that tries first to serve files, and falls back to rewriting otherwise
	import route-file-server-or-rewrite @api {re.api.1}api/http.php/{re.api.2}
	import route-file-server-or-rewrite @pages {re.pages.1}pages/index.php/{re.pages.2}
	import route-file-server-or-rewrite @scp {re.scpapps.1}scp/apps/dispatcher.php/{re.scpapps.2}
}

I hope this helps out someone in the same situation!

KevinTheJedi

cmd

I have never in my life heard of this webserver before but it's awesome you shared a config that's working for you. Thank you for sharing.

Cheers.

« Previous Page Next Page »