Oauth2 does nothing - can't save configuration: Page 2

Oauth2 does nothing - can't save configuration

KevinTheJedi

The screenshots in the docs just show examples. Your URLs and such will be different.

Cheers.

bawalker

Correct. But I wasn't sure with URI redirection if it mattered having localhost vs <servername> or anything besides a TLD of https:// osticket.com / type of URL. This server is an internal company server that has no external WAN facing capabilities since it handles HIPAA related information as part of the help desk.

KevinTheJedi

bawalker

That’s fine. The redirect happens locally (in the browser) so as long as you can access it locally that’s good. All the URLs do have to match though. As in, the URL you are submitting the popup from, the URL in the email config, and the Redirect URL in the App Registration.

Cheers.

bawalker

Thanks for the info on the redirect. The URI on osticket, on Azure and what is being accessed in the browser physically from that server are all identical. However I did note that the server osTicket is on has a self signed cert. When using Edge or Chrome to access, they complain about it not being secure and mark out the https, but still state there is a cert there. I take it that wouldn't make any difference?

I'm really scratching my head at this one....

KevinTheJedi

bawalker

I don't think so.

What you can do is Right Click + Inspect the page, and go to the Network tab before submitting the popup; make sure you select the option to Preserve Logs. Then you can go through the process and when you get redirected to osTicket check the responses from the requests to see if there are any errors being kicked back or something.

Cheers.

bawalker

Thanks for that info. I've re-ran the authorization process with the Inspect open and preserving the log. Should I be looking in the Headers, Response, Initiator, etc tabs for any particular errors or somewhere specific?

KevinTheJedi

bawalker Response tab

KevinTheJedi

bawalker

Also when it brings you back to osTicket without the banner try submitting the popup once more to see if you get an error or something.

Cheers.

bawalker

I am looking at the "name" category and see the moment from where the request url goes from microsoft over to the internal lan server. In fact the request URL is https://supportmaster/osticket/api/auth/oauth2?code=..... There is a status code of 302 (yellow) with no explicit errors.

The next name column item is that it's showing the request URL of https://supportmaster/osTicket/scp/emails.php?id=5 which is when I assume it takes me back to the locally hosted osticket email page where I was at originally. Status code is 200 (green)

From that point it's alot of jqueries, css, and site images logging those. So far I can't find anything explict error wise appearing.

KevinTheJedi

bawalker

Hmmm, then it should be working. I’m honestly at a loss here. Can you login to the database, go to the email table, copy the ID for the email in question, go to the email_account table, and search for where the email_id is equal to the ID you copied? Once you do that post a screenshot of the records (censor any sensitive info - if any).

Cheers.

bawalker

@KevinTheJedi I checked the email table and the helpdesk@company.com address is ID 5. When I goto ost_email_account, the email_ID table there indicates ID 5 as well.

See the screenshots below....

KevinTheJedi

bawalker

Okay, and is plugin_instance with ID of 9 the correct instance for this email? You can also go to the config table and lookup WHERE namespace LIKE '%instance.9' and confirm all that information is correct. If not, you can set auth_bk and auth_id to NULL for the relevant email_account record and reconfigure the email's authentication.

Also, the email config flow should be first input the hostname, port number, and protocol. Then you select OAuth2 - Microsoft for Authentication, then click Config, fill out the OAuth2 info, and click Submit in the popup.

Cheers.

bawalker

I confirmed ost_plugin_instance 9 is the helpdesk@company.com (mailbox). However, there is an instance 7 that references the same email address, except for (smtp). See the screenshot:

As for the namespace query, I got a syntax error when using the same command you shared.

Let me know if I have the syntax wrong.

KevinTheJedi

bawalker

Yea you have to do SELECT * FROM WHERE xxx.

Cheers.

bawalker

Gotcha! SQL is one of my weak points. You can check over if I did run the it right, but I didn't see any data fields for auth_bk or auth_id

KevinTheJedi

bawalker

That all looks fine...this is so strange.

The auth_bk and auth_id columns are in the email_account table.

Cheers.

bawalker

So I went into the email accounts table, set both values to NULL. Went into the email area and followed the flow you gave for setting up the account.

When I clicked on submit for the OAuth data, the page just sat there saying "Loading" with the spinning circle. No interaction with the Microsoft page. So I refreshed the page, re-entered the OAuth values and the same thing happened again:

I'm definitely at a loss here in getting this to work on the new Oauth2. Especially when others have been getting it working with far less effort.

KevinTheJedi

bawalker

I would either check your logs for any related errors or delete the email and re-add it.

Cheers.

bawalker

The system logs in osTicket don't show anything. Are there other logs stored directly to the server file system that I should check?

bawalker

I completely got rid of the old account in osTicket and setup a new email address/mailbox on Exchange for testing. Went through and setup a new OAuth2 in Azure following the directions exactly. I just wanted to rule out any other items and start fresh on that. This time when I go to submit the OAuth2, it takes me to the Microsoft portal, I log in with the new email address, grant the permissions. It takes me back to the osTicket page and beside the config button gives "invalid_client". (See screenshot)

I decided to use the previous secret ID and application ID with the original email address and it also gives the same invalid client. I was thinking that it was referencing the application ID was wrong vs MS, but I'm not sure if that is what that error means.

KevinTheJedi

bawalker

That means you have something configured incorrectly. I'd highly encourage you to follow the documentation below exactly as it states:

https://docs.osticket.com/en/latest/OAuth2/Microsoft%20Authorization%20Guide.html

Other than that you'll have to post screenshots of your app registration (all the relevant tabs/settings) as well as the IdP Config settings in osTicket. If you do upload screenshots, please censor any sensitive info.

Cheers.

« Previous Page Next Page »