Will do, thanks for looking!
Basic Authentication Retirement for legacy protocols in Exchange Online
Sorry to jump in here (we're on v1.17-rc4). We tried adding to our Apache config /etc/httpd/conf.d:
RewriteEngine on
and after authenticating successfully at office we are returned to our local server with a 404 error to: https://server.com/api/auth/oauth2?code=....
Where is the documentation on this again?
Thanks
G
Well that was caused by a leading space on the "https://"
Am I supposed to have an auth folder under my support\api folder that has something in it (per this entry:
Callback Endpoint: *
Redirect Uri
https://artscisupport.unl.edu/support/api/auth/oauth2)?
This does not exist in my folder structure on the server.
osTicket Version v1.17-rc3 (34c64f1)
Web Server Software Microsoft-IIS/10.0
MySQL Version 8.0.23
PHP Version 8.0.0
No, it uses the api/http.php file to redirect to the relevant functions. For Apache it uses the api/.htaccess to rewrite the URL to point to api/http.php.
Cheers.
KevinTheJedi
I updated to RC4 and what looks like a newer version of the OAUTH plugin as well. I enter in the information provided by my organization's O365 team, it momentarily redirects to a Microsoft authentication screen, and then it ends up at my "Welcome to the Support Center" client side page. I go into the settings for my email account in admin panel and try to enable fetching and I get the Configure Authentication message in the screenshot attached, so I am stuck in a loop. Does that mean that the authentication is failing? I get no error messages in my logs that I can tell.
OK, progress on this: I was using a browser that had my credentials cached for SharePoint and it was trying to use those to authenticate. Switching to a different browser, I was able to get the correct credentials in for the account but got a cert error after that, similar to the one above but not the same:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/common/oauth2/v2.0/token
- Best Answer set by KevinTheJedi
This forum topic seems to address the error. I'm just not sure I know how to do what it says the solution is. I will have to poke our sysadmin for help on this.
https://forum.osticket.com/d/101363-117-rc3-ssl-error-with-oauth2
So the:
Allowoverride All
RewriteEngine on
were all that were needed for Apache to properly process the request. We're stuck at
invalid_cert
with no errors in the Mickysoft or Apache side of things.
If it’s the same error as @blueyeguy posted you will have to visit the link in the error and follow the steps listed to address the issue.
Cheers.
Are there any additional requirements to run this on IIS? I have URL rewrite installed, and what I think are the correct settings in Azure. When I hit "submit" on the idp config section in osTicket, it takes me to the Microsoft O365 auth page, then "permissions requested", I hit accept, then get immediately bounced back to the web server with a 404 - File or Directory not found. The URL looks to contain a fully formed auth token too. Any pointers on what to check here? I'm a little stuck.
Thanks the error I got when I didn't fully have rewrite rules enabled properly (I have Apache)
Allowoverride All
RewriteEngine on
You didn't have to create any specific rules though, right? I have IIS URL Rewrite installed, but the rules are blank.
Nah, with Apache it uses the api/.htaccess file to rewrite the URL. IIS might need custom rules so you can try converting the .htaccess rules to IIS rules, set them up, and retest.
If so let us know and we can add them to the upcoming documentation.
Cheers.
KevinTheJedi Here's what I see for .htaccess files. Should all of these rewrite rules be added in IIS? I don't think I've had to manually add them in the past.
No, typically you don’t have to, but I’m just curious if adding the API .htaccess rules would resolve the issue for you.
Cheers.
gkowalski Where did you enable this? If it is the .htaccess, which one or what directory does it go in? On the 365 side, which settings are needed? It would be helpful for some kind of documentation to be put together for how to do this, or if I can figure it out I would be happy to toss something together with a step-by-step.
Mitchell-GMIC I realized I must have only had a partial install or something because none of the .htaccess files were present in my web server, however they are present in my local copy of the folders. When I added the .htaccess file to the api folder I now get a different error:
This is coming up after I have logged in to Office 365.
The URL bar shows this: https://helpdeskfancyurl.com/api/auth/oauth2?error=invalid_request&error_description=AADSTS50194%3a
So when researching what that error means, it appears Microsoft says I need to configure my app registration as multi-tenant. I am all sorts of confused here. Any help would be appreciated. If it is best to split this off into another thread let me know and I would be happy to do that as well.
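
An added triage helper, not part of the thread or of osTicket's code: it checks a configured Redirect URI for the leading-space mistake reported above and classifies the URL the browser lands on after the Microsoft sign-in. The host helpdesk.example.com and the function names are assumptions; the callback path and the AADSTS50194 query string are the ones quoted in the posts.

```python
import re
from urllib.parse import urlsplit, parse_qs

CALLBACK_SUFFIX = "/api/auth/oauth2"  # callback path quoted in the thread


def check_redirect_uri(uri):
    """Return a list of problems with a configured Redirect URI value."""
    problems = []
    if uri != uri.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.path.rstrip("/").endswith(CALLBACK_SUFFIX):
        problems.append("path does not end in " + CALLBACK_SUFFIX)
    if parts.query or parts.fragment:
        problems.append("contains a query string or fragment")
    return problems


def triage_callback(url):
    """Classify the URL shown in the address bar after the IdP redirect."""
    parts = urlsplit(url.strip())
    params = parse_qs(parts.query, keep_blank_values=True)
    result = {"on_callback_path": parts.path.rstrip("/").endswith(CALLBACK_SUFFIX)}
    if "error" in params:
        # The IdP rejected the request; the AADSTS code is what to look up.
        desc = params.get("error_description", [""])[0]
        match = re.match(r"AADSTS\d+", desc)
        result.update(outcome="idp_error", error=params["error"][0],
                      aadsts=match.group(0) if match else None)
    elif "code" in params:
        # The IdP issued a code. A 404 here means the web server did not
        # route the path to api/http.php (the api/.htaccess rewrite).
        result["outcome"] = "code_returned"
    else:
        result["outcome"] = "no_oauth_params"
    return result


if __name__ == "__main__":
    # Constructed sample values modelled on the URLs in the posts.
    base = "https://helpdesk.example.com/api/auth/oauth2"
    print(check_redirect_uri(" " + base))
    print(triage_callback(base + "?code=CONSTRUCTED"))
    print(triage_callback(
        base + "?error=invalid_request&error_description=AADSTS50194%3a"))
```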