Didn't find anything which will help me to solve the problem.
Server logs are fine, no PHP log file in Folder,
Webserver logs show the urls and at least the GET /osTicket/api/auth/oauth2 code=XXXXXXXX and GET /osticket/ - 80 -
I'm not very familiar with this configurations. Do you have any idea or other suggest that will help me.
As I said, there haven't been any changes from our site
That definitely means something isn’t configured correctly or you have a URL mismatch. When doing the email config what’s the hostname you are using in the browser?
Cheers.
Hi,
I tried upgrade MSSQL and PHP to latest version with no result.
Also I added a new MS App to test.
Still the same behavior.
It realy seems to be the Redirect-URL which makes troubles suddenly.
"http://localhost/osTicket/api/auth/oauth2" -> MS Authentication works (verified in Azure) -> Back to osTicket and it gets me to "http://localhost/osticket/"
You say http://localhost/osTicket/api/auth/oauth2 then you say it brings you to http://localhost/osticket/. Is your webserver case sensitive? Also, please post a screenshot of the URL when you are submitting the popup from osTicket, a screenshot of your osTicket OAuth2 config, and a screenshot of your Redirect URI configuration in the App Registration.
Cheers.
We are having the same issue. We upgraded our existing OSTicket instance. We are on IIS and was seeing the 404 error with the web.config in place, then we installed the URL Rewrite for IIS and the system did not error, however, when we log on to our /scp site and we login with Azure the authentication works, but we are taken back to the /scp login page. If I grab a URL of a ticket https://helpdesk.iecc.edu/scp/tickets.php?id=29035 then it still redirects to the login page. We are using the shipped web.config, no changes. The authentication with Azure is working.
Other notes:
1) We can still get in as our local admin account, however, disabling Oath2 and trying to use our ldap auth method in place will not allow login. We cannot disable Oath2 and revert to our LDAP auth as in the past, it will not work, I suspect because of the Rewrite issue, just spins.
2) Under agent accounts there is no longer any kind of "Save" option so I cannot make any changes to an agent. I thought maybe the username needed to be the full email, but you cannot save, so any existing agent the Save nor any other buttons show.
3) There seems to be some issues even when in as the local admin account with saving.
Sadly we had to revert back to our old install until this can be resolved.
You will need to check your logs (general server logs, webserver error logs, PHP error logs, MySQL/MariaDB error logs, osTicket System Logs, Browser Console logs, etc.) for any related errors.
Have you updated your plugins to the latest ones?
Can you check the backend of the agents that can’t login? Go to the database, go to the staff table, and look at the value of the backend column.
Cheers.
You still need to check what I mentioned above.
Also, are you using v1.17.2 and the latest versions of the plugins?
Lastly, as long as the attributes are correct in your OAuth2 config it should allow the username and email address.
Cheers.
KevinTheJedi
tested it but it is not case sensitive!
I tried a new installation of osTicket with a new DB and eMail-Konfiguration works fine. I have taken the same settings on both osTickets-Installation.
After I updated the tables in the Database excepting config, plugins, etc... the redirection doesn't work anymore.
So this must be due to an wrong entry in one table!
Tables which I have not migrated:
ost_syslog
ost_session
ost_schedule_entry
ost_schedule
ost_role
ost_plugin_instance
ost_plugin
ost_lock
ost_list_items
ost_list
ost_group
ost_filter_rule
ost_filter_action
ost_filter
ost_email_template_group
ost_email_template
ost_email_account
ost_email
ost_draft
ost_department
ost_content
ost_config
ost_canned_response
ost_api_key
KevinTheJedi
Because there was either no change or for test purposes such as ost_config
The point is: In which table could be an Entry belonging to oauth2 authentication and redirecting.
A new installation of osTicket with a fresh database is working on oauth2 and email-redirecting.
When I copy the data of the old tables of the database to the new one - keeping the entries of new-installation - it doesn't!
So there must be an entry in one of these tables which impede the functionality.
I thought the entries for email-settings are only in
ost_config,
ost_email,
ost_email_account,
ost_plugin,
ost_plugin_instance,
but there must be more which I have not figured out yet.
Those are the only tables for email auth related settings, yes. If you are migrating data then migrate the entire database and reconfigure each email.
Cheers.
KevinTheJedi
I testet this also - but the result is the same
very annoying
is there a possibility in osTicket to change the name of the database easily
Hi,
I just wanted you to know that I find out what caused the failur in our osTicket.
The problem was made by the Redirect-URI due to it seems to be case-sensitive at MS site.
So on osTicket I copied the path from the explorer with upper case letters and at MS365 Azure I put it in manually only with lower case letters.
So simple but very effective...
Thanks for posting this..
