You need to enable URL Rewriting on your webserver. We do not have documentation on this you will have to look at your webserver documentation on how to accomplish this.
Cheers.
Basic Authentication Retirement for legacy protocols in Exchange Online
I was just telling you what I saw when I googled that error. You will need to reach out to your mail provider for further assistance.
Cheers.
So, Access Tokens will be renewed if the Refresh Token is valid. And these get updated every time they are used. So if it expired then you are probably in Test Mode in which Access Tokens fully expire after 7 days.
Cheers.
I know it’s not supported but I nearly have this running on nginx (1.23.1, PHP 8.0.22).
The only issue that I have is after the admin consent to the Microsoft app, I get redirected back to the OSTicket user login page, but nothing happens.
I can see the token info in the address bar.
Does anyone have any ideas? Or do I have to uninstall nginx and move to Apache on October 1st?
My guess is that if this last redirect was to work, the OAuth2 would as well.
Thanks for your help and thanks to the team for developing the plugin.
You don’t have url rewriting enabled. Please enable this, restart NGINX, and retest.
Cheers.
I thought I did. This is my config file:
` location / {
index index.php;
try_files $uri $uri/ /index.php$is_args$args;
}
set $path_info "";
location ~ ^/include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(tickets|tasks)(.*)$ {
try_files $uri $uri/ /api/http.php;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/(.*)$ {
try_files $uri $uri/ /scp/ajax.php;
}location ~ .php$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $path_info;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_read_timeout 300;
}
`
Hmm maybe it's NGINX specific config issue then. If you find a fix for the issue let us know! We'd be interested to see what it could be.
Cheers.
Will do, thanks for looking!
Sorry to jump in here ( we're on v1.17-rc4 ) We tried adding to our apache config /etc/httpd/conf.d :
RewriteEngine on
and after authenticating successfully at office we are returned to our local server with a 404 error to : https://server.com/api/auth/oauth2?code=....
Where is the documentation on this again ?
Thanks
G
Well that was caused by a leading space on the "https://"
Am I supposed to have an auth folder under my support\api folder that has something in it (per this entry:
Callback Endpoint: *
Redirect Uri
https://artscisupport.unl.edu/support/api/auth/oauth2)?
This does not exist in my folder structure on the server.
osTicket Version v1.17-rc3 (34c64f1)
Web Server Software Microsoft-IIS/10.0
MySQL Version 8.0.23
PHP Version 8.0.0
- Edited
No, it uses the api/http.php file to redirect to the relevant functions. For Apache it uses the api/.htaccess to rewrite the url to point to api/http.php.
Cheers.
KevinTheJedi
I updated to RC4 and what looks like a newer version of the OAUTH plugin as well. I enter in the information provided by my organizations O365 team, it momentarily redirects to a microsoft authentication screen, and then it ends up at my "Welcome to the Support Center" client side page. I go into the settings for my email account in admin panel and try to enable fetching and i get the Configure Authentication message in the screen shot attached so I am stuck in a loop. Does that mean that the authentication is failing? I get no error messages in my logs that I can tell.
OK Progress on this, I was using a browser that had my credentials cached for SharePoint and it was trying to use those to authenticate. Switching to a different browser, i was able to get the correct credentials in for the account but got a cert error after that, similar to the one above but not the same:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/common/oauth2/v2.0/token
- Best Answerset by KevinTheJedi
This forum topic seems to address the error. Im just not sure I know how to do what it says the solution is. I will have to poke our sysadmin for help on this.
https://forum.osticket.com/d/101363-117-rc3-ssl-error-with-oauth2
So the :
Allowoverride All
RewriteEngine on
were all that were needed for Apache to properly process the request. We're stuck at
invalid_cert
with no errors in the Mickysoft or apache side of things .
If it’s the same error as @blueyeguy posted you will have to visit the link in the error and follow the steps listed to address the issue.
Cheers.
- Edited
Are there any additional requirements to run this on IIS? I have URL rewrite installed, and what I think are the correct settings in Azure. When I hit "submit" on the idp config section in osTicket, it takes me to the Microsoft O365 auth page, then "permissions requested", I hit accept, then get immediately bounced back to the web server with a 404 - File or Directory not found. The url looks to contain a fully formed auth token too. Any pointers on what to check here, I'm a little stuck.