Hello machihkfyg and mitchellk

I had the same issue.

I share my solution 🙂

The main plugging configuration:

Authority URL: * https://login.microsoftonline.com/common (multi tenant)
or
Authority URL: * https://login.microsoftonline.com/{Directory (tenant) ID} (Single tenant)

Authorization Endpoint: /oauth2/v2.0/authorize

And the bug with the url blank "api/auth/ext" with apache. The file .htaccess is fine, don't modify the file, the problem is the site location.

I modified the code inside the auth-openid-MS.phar.

The line with:
if ($_SERVER['SCRIPT_NAME'] === '/login.php' || $_SERVER['SCRIPT_NAME'] === '/open.php')
to
if (strpos($_SERVER['SCRIPT_NAME'],'/login.php') !== false || strpos($_SERVER['SCRIPT_NAME'],'/open.php') !== false)

Because, mi site work in domain.com/osTicket/, and the original condition don't match, and one Cookie param in never created.

And

The line with:
if ($_COOKIE['LOGIN_TYPE'] === 'CLIENT') header('Location: /login.php');
To

$url_home = rtrim($ost->getConfig()->getURL(), '/');
$sections = parse_url($url_home);
$sub_dir = isset($sections["path"])?$sections["path"]:"";
  
if ($_COOKIE['LOGIN_TYPE'] === 'CLIENT') header('Location: '.$sub_dir.'/login.php');

Because my site work inside a sub-directory, and i need to get a good location.

I hope this could be useful for your!

My english is a work in progress 🙂

Best wishes

        3 months later

        Hello Guys,
        I am encountering the same error.,..is there any clue how to fix it??

        Actually as redirect URI I inserted the URL of the website in azurewebsites (the Application is developed as App Service)...

        Nobody can collaborate? it seems totally usefulness this tool if there is no possibility to synchronize with Active Directory 🙁

        Are you adding "api/auth/ext" at the end of your URL?

        For example: https://yourdomain.com/api/auth/ext

        I use this url pattern at least in two project, running on Apache Server.

        The tool set this part of the url automatically when call the Active Directory Authentication. So, this URL must match with the info inserted in the section Redirect URI's

        You can use the dev console from Chrome, Firefox to find the URL send to Azure Active Directory.

        [UPDATE]

        I added some image for references. The field: redirect_uri is the url that you must insert in the list of Redirect's Uri's

        SO I setup my website in Azure App Registration as:

        https://mywebsite.azurewebsites.net/api/auth/ext

        but still I get this error: how did you setup the App Registrationtion redirect??

        AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'xxx...'

          Again and again and again...."AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'app-id'."

          3 months later

          All good on osTickets 1.14 , but when the password is accepted , the MS reply : AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:
          I think it is about Redirect URI in Azure ( for ex https://nume.com/api/auth/ext ) and only https is accepted here
          osTickets has a number of rewrite insteed , in .htacces and /api/http.php and I think is not correct the response
          How can I resolve this ?

          2 months later

          MrDeanoB Hello, could you please help me with this configuration, I already have everything configured correctly, the only problem is this.

            cbasolutions Please help me, I use apache and I have the problem of redirection after login to / api / auth / ext, what should I do?

              4 months later
              a month later

              I've followed the instructions, Microsoft doesn't complain when I log in but when I'm redirected to mydomain.com/api/auth/ext the only thing I see is "No input file specified."
              Any idea?

              EDIT: found a solution. I switched from FCGId to FPM for my PHP execution mode and it works fine now.

              5 months later

              thaihoangcfc

              I've recently got this working with the tips from @Diego_Morientez re the plugin not matching a subdirectory.
              centos/apache

              Was only concerned with staff login so:

              Here's how you extract/pack files from phar:
              1st have to set the ability to write phars changing readonly to oFF in /etc/php.ini
              ;phar.readonly = On
              phar.readonly = Off
              then go to where u keep the phar file. Create a tmp dir
              mkdir t
              cd t
              phar extract ../auth-openid-MS.phar
              you get:
              authentication.php
              config.php
              openid-MS.phar
              openid_ms.php

              edit openid_ms.php
              for me was ( swap SUB_NAME for your subdir)
              39c39

              < if ($_COOKIE['LOGIN_TYPE'] === 'STAFF') header('Location: /SUB_NAME/scp/login.php');

              if ($COOKIE['LOGIN_TYPE'] === 'STAFF') header('Location: /scp/login.php');
              53c53

              < if ($_SERVER['SCRIPT_NAME'] === '/SUB_NAME/scp/login.php' || $_SERVER['SCRIPT_NAME'] === '/open.php') {


              if ($SERVER['SCRIPT_NAME'] === '/login.php' || $SERVER['SCRIPT_NAME'] === '/open.php') {
              137c137

              < if ($_SERVER['SCRIPT_NAME'] === '/SUB_NAME/scp/login.php') {


              if ($_SERVER['SCRIPT_NAME'] === '/scp/login.php') {



              Now. re-pack -
              phar pack -f new_phar.phar *.php
              now make a copy of original
              cd ../
              cp auth-openid-MS.phar auth-openid-MS-original.phar
              cp t/new_phar.phar auth-openid-MS.phar

              The next part is you need to make sure the agent has auth "any_available_" if not already set.




                8 days later

                in my config, after clic on LOGIN show a BLANK screen

                A blank screen usually indicates a PHP error. Please consult your PHP error logs and post the resulting error here.

                3 months later

                Hi Diego_Morientez,
                I have done all the config as said here and still I am getting blank page at url https://mydomain.com/osTicket/api/auth/ext
                I am using apache server and i have done changes in openid_ms.php as said over here.
                Still I am getting blank page after login successfuly via office365.
                I need to configure this for staff as well as clients.

                Do I need to create agents/clients before they login or it will create user based on openid login?

                Please help me as soos as possible.

                Thanks,
                Yagnesh

                  M-elnady
                  Hi,
                  I am also facing same issue. Please help me if you got any solution for this.

                  Thanks

                    Hey guys,
                    I have this blank screen issue sometimes too!

                    3 months later

                    Hey there,

                    Has anyone managed to solve this blank page issue at https://mydomain.com/api/auth/ext ?

                    We're still experiencing it quite often. We've looked at error logs and here what we have:

                    Logs when no issue:

                    2021-09-02T12:30:46.533434000Z 172.28.69.5 - - [02/Sep/2021:12:30:46 +0000] "GET /scp/login.php?do=ext&bk=openid_ms.staff HTTP/1.1" 302 732 "https://mydomain.com/scp/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

2021-09-02T12:30:47.118811000Z 172.28.69.5 - - [02/Sep/2021:12:30:47 +0000] "POST /api/auth/ext HTTP/1.1" 302 312 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

2021-09-02T12:30:47.178871000Z 172.28.69.5 - - [02/Sep/2021:12:30:47 +0000] "GET /scp/login.php HTTP/1.1" 302 600 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

2021-09-02T12:30:47.351747000Z 172.28.69.5 - - [02/Sep/2021:12:30:47 +0000] "GET /scp/ HTTP/1.1" 200 19378 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

2021-09-02T12:30:47.677194000Z 172.28.69.5 - - [02/Sep/2021:12:30:47 +0000] "GET /osta/uploads/MSF190231.jpg HTTP/1.1" 404 459 "https://mydomain.com/scp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

2021-09-02T12:30:47.771250000Z 172.28.69.5 - - [02/Sep/2021:12:30:47 +0000] "GET /scp/autocron.php HTTP/1.1" 201 361 "https://mydomain.com/scp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

                    Logs when the blank page shows up (doesn't go further than 2nd line - see HTTP status code 200 instead of 302):

                    2021-09-02T12:38:20.109544000Z 172.28.69.5 - - [02/Sep/2021:12:38:20 +0000] "GET /scp/login.php?do=ext&bk=openid_ms.staff HTTP/1.1" 302 732 "https://mydomain.com/scp/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

2021-09-02T12:38:20.467889000Z 172.28.69.5 - - [02/Sep/2021:12:38:20 +0000] "POST /api/auth/ext HTTP/1.1" **200** 283 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"

                    Any idea?

                    14 days later

                    Referring to https://forum.osticket.com/d/99564-osticket-login-not-working-with-microsoft-edge-or-google-chrome/10
                    [speaking of current version (Release - 2018-06-23) of authorisation plugin "OpenID Authentication for Microsoft in osTicket" at https://github.com/cbasolutions/osTicket-Plugins/tree/master/auth-openid-MS ]

                    KevinTheJedi

                    2021-09-15T00:05:02+02:00

                    @XKa-MSF-OCB

                    Ah, okay. So since you are using a 3rd Party Plugin you'll need to contact the developer of the plugin for further assistance.

                    I was thinking this was an issue with the osTicket codebase but appears to be more of an issue with a custom, non-supported plugin.

                    I will now eject myself from this convo and leave you to contact the dev of the plugin.

                    Cheers.

                    Would you recommend any other (standard/supported) solution for authentication in osTicket via Microsoft by any chance?
                    I guess quite a lot of people/organisations would have such needs, right?