Following the documentation on the OsTicket site, I've installed OSTicket 1.8 on IIS (Server 2022) with PHP 8.1 and MySQL 8.

All the prerequisite checks passed on the installation and the site works fine to all intents and purposes, but having installed the OAuth plugin, which I selected during the download of OSTicket, I cannot get the Azure authentication to work.

I followed the documentation to set up SSO with Azure (https://docs.osticket.com/en/latest/OAuth2/Microsoft%20Authentication%20(SSO)%20Guide.html). I've triple-checked my setup and it's set up exactly as directed in the documentation. It works insofar as it arrives at a page after successful authentication to Azure AD, but it doesn't log in to my OSTicket portal. This is the case for both the end user portal and the ticket management portal.

Are there any diagnostic checks I can perform or other items that need configuring?

    Zer0reZ77

    Are you testing Users or Agents (or both)? Do you or have you had any other external authentication configured before? Do you have URL Rewriting enabled for IIS?

    Cheers.

    Hi thanks for responding,

    I’ve tested both methods so far. The administration portal’s Azure sign-in button returns me to the end user portal, not signed in.

    I have URL redirection installed in IIS but no specific configuration set, unless the installer for osTicket did something as part of the install?

    All prerequisites were green prior to install.

      Zer0reZ77

      It uses web.config files from the install itself. Are you sure URL Rewrite is enabled? In IIS Server Manager click the site in the list on the left, click on URL Rewrite, and see if there are rules shown. If so then it’s enabled.

      You will need to make sure you followed the docs to a “t”. If you can provide screenshots of your Azure App (all the places you must make changes from the docs) that would be helpful.

      Cheers.

      Hi Kevin,

      Yep, checked that all is well as far as I can see.

      Here are the OSTicket OAuth plugin settings vs. the Azure App Reg. (Single Tenant)


      Everything that was configured was cut and pasted between the app, and the documentation was pretty good as far as I could see.

        Zer0reZ77

        Yeah, that all looks fine. The only other thing I could see is if you used the Secret ID instead of the Value for the "Client Secret" field in osTicket. Please make sure you used the Value from the app's Client Secret.

        Other than that, I can only suggest trying to log in in an incognito window to see if something is being cached in your current session.

        Cheers.

        Tried a freshly imaged computer and even a Mac; all exhibit the same symptoms. I’ve reinstalled the plugin, reconfigured it to a fresh app registration, made sure all the URIs are word-perfect, copied down the secret generated from the app and retested, to no avail. Same thing every time: it goes through the motions of modern auth and returns to osTicket as an unsigned-in user for both admin and user portals.

        I’ve tried PHP 8.2 and gone back to 8.1.

        I think my next step is to abandon oauth for now and try ldap integration.

          I'll look into that. I was just configuring the email side of things, which also relies on that module, and the dialog screen came up with this error.

          cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/3f8f3<OMIITTED>eb06f/oauth2/v2.0/token

          Looking up that error indicates an SSL cert problem, so that URL you've cited must be on the right path, thanks.
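
A diagnostic for the cURL error 60 reported in the last post, as an added example that is not part of the thread and not osTicket code: it shows which CA bundle PHP is configured to trust and retries a verified TLS handshake against the host from the error message. It assumes the curl and openssl extensions are loaded and that outbound HTTPS is allowed; the helper name `report_ca_setting` is made up for this example.

```php
<?php
// Added diagnostic example; not osTicket code. Run it with the same PHP build
// and php.ini that IIS uses, e.g. from the command line or a temporary page.

// Host taken from the error message in the post above.
$host = 'login.microsoftonline.com';

// Print one CA-bundle ini setting and whether the file it names is readable.
function report_ca_setting(string $iniKey): void
{
    $path = ini_get($iniKey);
    if ($path === false || $path === '') {
        echo "$iniKey: not set\n";
        return;
    }
    $state = is_readable($path) ? 'readable' : 'missing or unreadable';
    echo "$iniKey: $path ($state)\n";
}

echo 'php.ini in use: ' . (php_ini_loaded_file() ?: 'none') . "\n";
report_ca_setting('curl.cainfo');
report_ca_setting('openssl.cafile');

// Compiled-in OpenSSL default location, shown for comparison.
$defaults = openssl_get_cert_locations();
echo 'OpenSSL default cafile: ' . $defaults['default_cert_file'] . "\n";

// Handshake with certificate verification left on; no body is requested.
$ch = curl_init("https://$host/");
curl_setopt_array($ch, [
    CURLOPT_NOBODY         => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT        => 20,
]);
curl_exec($ch);
$errno = curl_errno($ch);

if ($errno === 0) {
    echo "Certificate chain for $host verified\n";
} elseif ($errno === 60) {
    // Same failure as in the post: no trusted issuer found for the chain.
    echo "cURL error 60: " . curl_error($ch) . "\n";
    echo "PHP has no usable CA bundle, or a proxy is re-signing TLS traffic\n";
} else {
    echo "cURL error $errno: " . curl_error($ch) . "\n";
}
```

If `curl.cainfo` shows as not set or unreadable, pointing it at a trusted CA bundle file in the reported php.ini and recycling the site's application pool is the usual remedy on Windows. Turning off peer verification would hide the error while leaving the token exchange open to interception.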
