- Edited
No, it uses the api/http.php file to redirect to the relevant functions. For Apache it uses the api/.htaccess to rewrite the url to point to api/http.php.
Cheers.
Basic Authentication Retirement for legacy protocols in Exchange Online
KevinTheJedi
I updated to RC4 and what looks like a newer version of the OAUTH plugin as well. I enter in the information provided by my organizations O365 team, it momentarily redirects to a microsoft authentication screen, and then it ends up at my "Welcome to the Support Center" client side page. I go into the settings for my email account in admin panel and try to enable fetching and i get the Configure Authentication message in the screen shot attached so I am stuck in a loop. Does that mean that the authentication is failing? I get no error messages in my logs that I can tell.
OK Progress on this, I was using a browser that had my credentials cached for SharePoint and it was trying to use those to authenticate. Switching to a different browser, i was able to get the correct credentials in for the account but got a cert error after that, similar to the one above but not the same:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/common/oauth2/v2.0/token
- Best Answerset by KevinTheJedi
This forum topic seems to address the error. Im just not sure I know how to do what it says the solution is. I will have to poke our sysadmin for help on this.
https://forum.osticket.com/d/101363-117-rc3-ssl-error-with-oauth2
So the :
Allowoverride All
RewriteEngine on
were all that were needed for Apache to properly process the request. We're stuck at
invalid_cert
with no errors in the Mickysoft or apache side of things .
If it’s the same error as @blueyeguy posted you will have to visit the link in the error and follow the steps listed to address the issue.
Cheers.
- Edited
Are there any additional requirements to run this on IIS? I have URL rewrite installed, and what I think are the correct settings in Azure. When I hit "submit" on the idp config section in osTicket, it takes me to the Microsoft O365 auth page, then "permissions requested", I hit accept, then get immediately bounced back to the web server with a 404 - File or Directory not found. The url looks to contain a fully formed auth token too. Any pointers on what to check here, I'm a little stuck.
- Edited
Thanks the error I got when I didn't fully have rewrite rules enabled properly ( I have apache )
Allowoverride All
RewriteEngine on
You didn't have to create any specific rules though right? I have IIS URL Rewrite installed, but the rules are blank.
Nah with Apache it uses the api/.htaccess file to rewrite the URL. IIS might need custom rules so you can try converting the .htaccess rules to IIS rules, set them up, and retest.
If so let us know and we can add them to the upcoming documentation.
Cheers.
KevinTheJedi Here's what I see for .htaccess files. Should all of these rewrite rules be added in IIS? I don't think I've had to manually add them in the past.
No typically you don’t have to but I’m just curious if adding the API .htaccess rules would resolve the issue for you.
Cheers.
gkowalski Where did you enable this? If it is the .htaccess which one or what directory does it go in? On the 365 side, which settings are needed? It would be helpful for some kind of documentation to be put together for how to do this, or if I can figure it out I would be happy to toss something together with a step-by-step.
- Edited
Mitchell-GMIC I realized I must have only had a partial install or something because none of the .htaccess files were present in my web server, however they are present in my local copy of the folders. When I added the .htaccess file to the api folder I now get a different error:
This is coming up after I have logged in to Office 365.
The URL bar shows this: https://helpdeskfancyurl.com/api/auth/oauth2?error=invalid_request&error_description=AADSTS50194%3a
So when researching what that error means, it appears Microsoft says I need to configure my app registration as multi-tenant. I am all sorts of confused here. Any help would be appreciated. If it is best to split this off in to another thread let me know and I would be happy to do that as well.
Are you trying to setup a personal email address or a business account one with a custom domain tenant? After fighting with MS for almost a month they finally told me that they do not allow OAuth2 support with personal emails unless you setup a custom domain and a new tenant reflecting that.
Cheers.
Any thoughts here? I know normal API requests work on IIS so any reason why new API urls (using same base url) wouldn't work?
Cheers.
I'm a new user to osTicket and huge thank you to those supporting it. I am having an error when trying to get a token with oauth2 plugin. I go through setting up the app registration in azure, copied the application id, registration token, granted permissions for the graph api's in KevinTheJedi's instructions (followed them to a T). The error i'm getting is "No input file specified" when requesting a token. I have apache2, rewrite engine on, allowoverride all etc. I am running the latest 17RC4 with the newest plugin for oath2. I even added the directives for rewrite engine on and allowoverride all in the global config. If you have any ideas please help - I've searched all over for fixes and have been working on it for quite a while.
jiggs
These settings have worked for me, if you still have an issue, you should open your own thread and post your server setup details
email Address Attribute part, you have different, based on your AD settings
Client Id: *
IdP Client / Application Identifier
Client Secret:
IdP Client Secret
Scopes: *
Comma or Space separated scopes depending on IdP requirements
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
Authorization Endpoint: *
Authorization URL
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Token Endpoint: *
Access Token URL
https://login.microsoftonline.com/common/oauth2/v2.0/token
Resource Details Endpoint: *
User Details URL
https://outlook.office.com/api/v2.0/me
Email Address Attribute: *
Please consult your provider docs for the correct attribute to use
emailAddress
Callback Endpoint: *
Redirect Uri
https://YourSupportTicketAddress.com/api/auth/oauth2
You definitely don’t have URL Rewriting enabled properly. Please review Apache documentation on how to enable URL Rewriting. Once you make the change you must restart Apache.
Cheers.