New installation - OAuth/Azure Auth plugin not working.

Zer0reZ77

Following the documentation on the OsTicket site, I've installed OSTicket 1.8 on IIS (Server 2022) with PHP 8.1 and MySql 8

All the preq checks passed on the installation and the site works fine to all intensive purposes but having installing the OAuth plug which I selected during the download of OSTicket I cannot get the Azure authentication to work.

I followed the documentation to setup SSO with Azure (https://docs.osticket.com/en/latest/OAuth2/Microsoft%20Authentication%20(SSO)%20Guide.html), I've triple checked my setup and it's exactly setup as directed in the documentation, it works in so much as it arrives at a page post successful authentication to the AzureAd, but doesn't login to my OSTicket portal. This is the case for both the end user portal and the ticket management portal aspect.

Are there any diagnostic checks I can perform or other items that need configuring?

KevinTheJedi

Zer0reZ77

Are you testing Users or Agents (or both)? Do you or have you had any other external authentication configured before? Do you have URL Rewriting enabled for IIS?

Cheers.

Zer0reZ77

Hi thanks for responding,

I’ve tested both methods so far, the administration portals’ azure sign in button returns me to the end user portal not signed in.

I have url redirection installed in IIS but no specific configuration set unless the installer for osticket did something as part of the install?

All prerequisites were green prior to install.

KevinTheJedi

Zer0reZ77

It uses web.config files from the install itself. Are you sure URL Rewrite is enabled? In IIS Server Manager click the site in the list on the left, click on URL Rewrite, and see if there are rules shown. If so then it’s enabled.

You will need to make sure you followed the docs to a “t”. If you can provide screenshots of your Azure App (all the places you must make changes from the docs) that would be helpful.

Cheers.

Zer0reZ77

Hi Kevin,

Yep Checked that all is well as far as I can see.

Here is the OSTicket Oauth plugin settings. vs the Azure App Reg. (Single Tenant)

Zer0reZ77

Everything that was configured was cut and paste between the app and the documentation was pretty good as far as i could see.

KevinTheJedi

Zer0reZ77

Yea that all looks fine. The only other thing I could see is if you used the Secret ID instead of the Value for "Client Secret" field in osTicket. Please make sure you used the Value from the app's Client Secret.

Other than that I can only suggest trying to login in incognito window to see if something is being cached in your current session.

Cheers.

Zer0reZ77

Tried a freshly imaged computer and even a Mac all exhibit the same symptoms, I’ve reinstalled the plugin, reconfigured it to a fresh app registration made sure all the uri’s are wordperfect, copied down the secret generated from the app and retested to no avail. Same thing every time, goes through the motions of modern auth and returns to osticket as an unsigned in user for both admin and user portals.

I’ve tried php 8.2 and gone back to 8.1.

I think my next step is to abandon oauth for now and try ldap integration.

KevinTheJedi

Zer0reZ77

Ohhhh I bet you don’t have the cURL root cert in PHP INI. Follow this guide and see if it starts working.

Cheers.

Zer0reZ77

I'll look in to that, I was just configuring the email side of things which also rely on that module and the dialog screen came up with this error.

cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/3f8f3<OMIITTED>eb06f/oauth2/v2.0/token

Looking up that error indicates an SSL cert problem so that url you've cited must be on the right path, thanks.

Zer0reZ77

That's the one Kevin, the force is certainly strong with you.