Hello,  thank you for your plug-in.I installed the plug-in in OSTicket. (1.10.4)I followed your instructions for the setting.When I click on the button "Sign in Microsoft" in the page login.php, then I arrive on the page "https://login.microsoft.com/common/oauth2/v2.0/authorize?client_id=3b5dd93. .... ".  When I enter my email address name@company.ext,  I have a message that tells me he can not find my account."There was a problem finding your account, click Next to try again."Should we allow something in MS Azure?Thank you

Hello, I have advanced a little,

M-elnady did you change your nginx config to reflect this:

location ~ ^{/api/(tickets|tasks)(.*)$} {

to

location ~ ^{/api/(tickets|tasks|auth)(.*)$} {

This should then pick up the /auth part in the URL and action it correctly.

This plugin works well but did take a couple of attempts to get it working correctly. There does seem to be one item not working - logging out. Choosing logout does, indeed, log you out of OSTicket but does not log you out of your microsoft account. Not sure if this intended functionality.

I also had to add the domain name into the allowed email domains for staff and had to create an agent login dropping the domain name e.g Microsoft login is bill@smith.com. You need to add smith.com to allowed email domains for staff and create an account with a username (no password needed) of bill.

If you are providing client access then the same rules apply.

Hello machihkfyg and mitchellk

I had the same issue.

I share my solution

The main plugging configuration:

Authority URL: * https://login.microsoftonline.com/common (multi tenant)
or
Authority URL: * https://login.microsoftonline.com/{Directory (tenant) ID} (Single tenant)

Authorization Endpoint: /oauth2/v2.0/authorize

And the bug with the url blank "api/auth/ext" with apache. The file .htaccess is fine, don't modify the file, the problem is the site location.

I modified the code inside the auth-openid-MS.phar.

The line with:
if ($_SERVER['SCRIPT_NAME'] === '/login.php' || $_SERVER['SCRIPT_NAME'] === '/open.php')
to
if (strpos($_SERVER['SCRIPT_NAME'],'/login.php') !== false || strpos($_SERVER['SCRIPT_NAME'],'/open.php') !== false)

Because, mi site work in domain.com/osTicket/, and the original condition don't match, and one Cookie param in never created.

And

The line with:
if ($_COOKIE['LOGIN_TYPE'] === 'CLIENT') header('Location: /login.php');
To

$url_home = rtrim($ost->getConfig()->getURL(), '/');
$sections = parse_url($url_home);
$sub_dir = isset($sections["path"])?$sections["path"]:"";
  
if ($_COOKIE['LOGIN_TYPE'] === 'CLIENT') header('Location: '.$sub_dir.'/login.php');

Because my site work inside a sub-directory, and i need to get a good location.

I hope this could be useful for your!

My english is a work in progress

Best wishes

Are you adding "api/auth/ext" at the end of your URL?

For example: https://yourdomain.com/api/auth/ext

I use this url pattern at least in two project, running on Apache Server.

The tool set this part of the url automatically when call the Active Directory Authentication. So, this URL must match with the info inserted in the section Redirect URI's

You can use the dev console from Chrome, Firefox to find the URL send to Azure Active Directory.

[UPDATE]

I added some image for references. The field: redirect_uri is the url that you must insert in the list of Redirect's Uri's