KevinTheJedi
So I have spent some time today running up a duplicate environment where I can play around with this and I am at exactly the same stage - login appears to work on the ADFS side (no errors in the event log there) but I get a redirect back to the osticket homepage.
As there isn't any official doc for osTicket & ADFS (that I can find) I have followed the same steps that appear to be used for oauth on many other common web apps and tied them up with the steps from the osTicket oauth Microsoft instructions where possible. Here is the config I have;
I have setup a 'Server Application' in Application Groups within ADFS:-
Then I also have a 'Web API' setup in the same application group in ADFS:-
The 'Web API' has the following claims rule setup:-
And the following scopes permitted:-
Then on the osTicket side of things I have the following config:-
I checked the two database tables you mentioned and I only have one user in the staff table - the backend setting in the DB for that user is 'null', there are no users at all in the user_accounts table. As I understand it, when logging in via oAuth the end user account should automatically get created in the DB?
Not sure if it changes anything as I have tried various settings, but I currently have the following configured under Settings > Users;
Apologies for the image overload - I wanted to make my setup as clear as possible ๐