Microsoft Oauth returning to homepage without user logged in.
Hi Kevin,
Below is the requested settings page.
I'm not sure what is sensitive and what isn't so I've played safe with redacting. If anything extra is needed let me know.
I think we too are facing this problem,
when using Azure AD for agent login we are then taken back to the home page of os ticket.
However the agent is actually logged in and if you re add /scp to the address bar they are logged in as normal.
Thanks
Ben
- Edited
So with your settings the Users must exist in the system first before they can authenticate. So what I'm thinking is your attributes are not matching the user credentials of existing users. If you updated their backend and everything then it should be working unless the info we get back from MS does not match any existing user.
For Agents this is always true, they must always exist in the system before they can authenticate. As a quick test you can login as an Agent, if they get redirected to the homepage immediately navigate back to the login page by adding /scp to the domain name in the address bar and see if you see an error message in the login prompt box.
Do you also still have this applied?
Cheers.
I've just logged in as an agent and then added /scp to the address bar, I get "authentication required" for the test user.
To test the potential of the mismatch & restriction together blocking sign in I have also just changed "Registration Method" to "Public - anyone can register" for a short period of time and tested with a user who has not used osticket. This test was with the normal user "Sign in with azure" rather than agent. They also go back to the log in screen. I can see in azure the success message for this log in.
I have applied that pull request, screenshot for the result is in post 5 of this thread.
Thanks
Just wondering if you still had it applied as you were doing some other changes.
Then I'm completely stumped without looking at your system itself and since I'm a core dev I'm unable to do so without you purchasing one of our support options.
Cheers.
Hi Kevin,
No worries, I appreciate the help offered so far. I'll continue to test, might need to spin up a clean install & retest. We have looked at the support options previously, unfortunately as a school we have limited resources for IT on the finance front!
In the meantime I'll go back to using LDAP. I may need to ask for some help on the forums again as we've recently started migrating things from LDAP to LDAPS following on from Microsofts recommendations & potential future enforcement. We've had trouble getting OSticket to accept LDAPS when two other products we use have switched over fine but I'll retest with the backend fix for ldap & ask in a separate thread if needed.
Thanks