Anyone got Osticket working in IIS with OAuth2?

BrunoLopes

Hi,
I'm having issues with a couple Ostickets in IIS.

It seems everytime i try to setup OAuth2 i get redirect to raise a ticket page in osticket.
I believe is got to do with URL redirection but for the life of me a can't seem to work out the issue.

KevinTheJedi

BrunoLopes

Yes it’s due to the rewrite rules. We ship with a web.config but it seems it’s not loading properly on your server. There is another thread on this subject in which someone posted their resolution.

Cheers.

BrunoLopes

I had a look into the web.config and it seems the same rules are in the url rewrite in IIS unless i am wrong.

KevinTheJedi

BrunoLopes

That appears to be correct but I’m no IIS expert. You can chime in on the other threads to ask people how they got theirs working or contact your systems administrator for further assistance.

Cheers.

jorgesuazo

Dear All,
I had the same problem, but I already solved it.
Researching and reading thousands of topics in the forum, I couldn't find the solution.
The problem is that version 1.17 of osTicket that is available for download has a blank .htaccess file (it only says "Deny from all").

I copied and pasted this:

Rewrite engine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.*/api)

Rewrite rule .* $ %1/http.php/$1 [L]

</IfModule>

And with this OAuth2 worked.
Check that the .htaccess has that configuration.

KevinTheJedi

jorgesuazo

Please stop cross-posting.

That statement is untrue. Maybe you looked at the main .htaccess file but if you look at the one in the api/ folder you should see what you put in the “blank” one.

Cheers

jorgesuazo

it worked for me when entering the data to this file. I just want to comment on it so they can try to fix it with that. I try to provide real help.

TAS

Yes. Mine is working well. We've been running osTicket for 5? years with little to no problem.

The only glitch I had during upgrade to 1.17 was getting OATH2 to work.
Had to drop authorization requirement in order to get token to set.
That was due to the network environment that we run.
Once set, everything worked.

I had webconfig and url rewrite already set from an issue I had a long time ago.
Don't remember what it was.

Use PHP manager.
Make sure of your PHP version.
Make sure correct extensions are enabled.

Test after each setting change.
I found that I would sometimes forget to restart the server after a setting change.

IIs isn't bad. It is just written by a different mindset.
It has been "improved and added" onto over the years.
Sometimes good and other times, not so good.
Follow the install guide for osTicket.
Then solve glitches that come up during testing.
Patience and changes one element at a time are a must.

Hope this helps.

BrunoLopes

Hi Tas,

What do you mean "Had to drop authorization requirement in order to get token to set."
Can you explain that setting or maybe provide a screenshot.

Thank you for the help

TAS

My osTicket system is setup in a university environment.
We have everything firewalled,
We have firewalls on firewalls...

AZURE, for us, is a relatively new product that has to be approved by IT for use.
The only reason I kinda know what was going on was that I started to create my own auth and was firmly stomped and told no... I suspect they are still trying to figure out the risk to the network of apps being approved by a user (me) This is speculation on my part... This means that to do the steps that are recommended in the osTicket documentation, I have to coordinate with university IT.

I had no control of the application approval setup.
IT set up everything on that side.
However, at first, we couldn't get a token to set.
"Application was not approved" errors all over the place.
We went round and round trying to figure out what the issue was.
Never did... I think IT put in a help ticket to MS.

So, IT dropped the authorization requirement and the application was able to set a token.
They re-enabled the authorization and the system suddenly worked.
Don't have a screeenshot because it happened at the IT level and this is what they told me they did...

Sorry.

BrunoLopes

Hi Tas,

Thank very much for your explanation.

BrunoLopes

So i decide to start from scratch with new build of Osticket.

Fresh install of windows 2016 server
IIS install
Follow Instructions how to install Osticket in IIS from Osticket documentation

Setup OAuth2 Microsoft in Azure and Osticket following the Documentation.

Still getting this error in the end.

No errors in the php logs or Osticket system logs.

KevinTheJedi

BrunoLopes

When you get redirected to MS to authenticate, you MUST login as the email you are authorizing for.

Cheers.

TAS

Hmmm

Is the System Default email address the same as the one in the above email Account settings and the remote Config setting? I would be looking for a mis-spelling first. Email mismatch says to me that on a variable check in osTicket, something didn't match. No idea how to figure where it might be, I would shotgun and hit everything that might store an email address.

If it there was something between the osTicket and AZURE, I would expect a different type of message in a different place.

TAS

Agree.
You have said in other places that authentication must be through the email you are authorizing for.
I was assuming that they were following instruction but getting the error.
My thought was that there might be a text string mismatch in the email address that was typed and stored.

BrunoLopes

Hi Guys,

Thanks very much for your help.
So i found the issue ProxyAddress in Active Directory was not matching.

I did setup and Authenticate one emaill address but now that i'm setting up the rest on the same ticket system i'm having this error in PHP logs.

thrown in phar://C:/inetpub/wwwroot/fleetops/include/plugins/auth-oauth2.phar/oauth2.php on line 592
[20-Oct-2022 22:48:49 UTC] PHP Fatal error: Uncaught Error: Call to a member function setConfigClass() on null in phar://C:/inetpub/wwwroot/fleetops/include/plugins/auth-oauth2.phar/oauth2.php:592
Stack trace:
#0 C:\inetpub\wwwroot\fleetops\include\class.email.php(675): GenericEmailOauth2Provider->getPluginInstance()
#1 C:\inetpub\wwwroot\fleetops\include\ajax.email.php(26): EmailAccount->saveAuth()
#2 C:\inetpub\wwwroot\fleetops\include\class.dispatcher.php(151): EmailAjaxAPI->configureAuth()
#3 C:\inetpub\wwwroot\fleetops\include\class.dispatcher.php(38): UrlMatcher->dispatch()
#4 C:\inetpub\wwwroot\fleetops\include\class.dispatcher.php(120): Dispatcher->resolve()
#5 C:\inetpub\wwwroot\fleetops\include\class.dispatcher.php(38): UrlMatcher->dispatch()
#6 C:\inetpub\wwwroot\fleetops\scp\ajax.php(326): Dispatcher->resolve()
#7 {main}
thrown in phar://C:/inetpub/wwwroot/fleetops/include/plugins/auth-oauth2.phar/oauth2.php on line 592

BrunoLopes

Fix the error deleting the email address and re-adding fixes the issue.

BrunoLopes

Thank you very much to all your guys.
Now all my emails are working on the new OAuth2.