ntozier , KevinTheJedi ,
Thank you for your posts in the meantime, apologies for the delay.
Indeed, as per post https://forum.osticket.com/d/92134-openid-authentication-for-microsoft-in-osticket referred by my colleague JuVDC above, we are using the authorisation plugin https://github.com/cbasolutions/osTicket-Plugins/tree/master/auth-openid-MS (Release - 2018-06-23), sorry for the non-explicit information.
It is also worth noting that we are using the following set up:
osTicket v1.15.2 // osTicket-1.15.1-Awesome-102
PHP 7.4.20 // MySQL 5.7.34 // Apache/2.4.38 (Debian) web server
I have added debugging info in our test copy of https://github.com/cbasolutions/osTicket-Plugins/blob/master/auth-openid-MS/src/openid_ms.php and after reproducing this non-systematic rogue blank page, I have already identified a few potential issues/weaknesses in the code, especially related to somewhat incomplete/brittle tests with $_SERVER['SCRIPT_NAME']
(it appears that sometimes instead of the hard-coded paths expected in the code, other paths get actually returned, such as "/index.php" or "/scp/index.php" !?) and with $_COOKIE['LOGIN_TYPE']
(the cookie is rather short-lived [180 seconds] and so can quite easily get expired/undefined) - but there could still well be other issues, I am not familiar with such authentication code.
It may also be worth noting that I have only found the path to the 'rogue' page referenced at this line in the code: https://github.com/cbasolutions/osTicket-Plugins/blob/ad2b04a1074187369157f341001a0f10404fc846/auth-openid-MS/src/openid_ms.php#L16
$redirectUri = rawurlencode(rtrim($ost->getConfig()->getURL(), '/') . '/api/auth/ext');
... and that web server folder "/api/" contains a file ".htaccess" with the following contents (path '/api/auth/ext' does not actually exist on the server):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.*/api)
RewriteRule ^(.*)$ %1/http.php/$1 [L]
</IfModule>
Also note that I think that I have determined the root cause of the following (as per my previous reply XKa-MSF-OCB) and that it is unrelated and may be ignored:
I also noticed (but this appears not systematic either) that after this rogue blank page is shown, if I manually return to the site root page "/" and try to click on the button to check tickets ("/tickets.php") or on the one to reply to tickets ("/scp/"), I unexpectedly get redirected to the page to create a new ticket ("/open.php")!?
Once again, the weird thing is that often this rogue local site blank page "/api/auth/ext" does not show - only now and then especially with Chrome (apparently never with Firefox) and when connected on the internal network where our OSTicket server is running (either on-site or via VPN, but apparently not when connected from the Internet outside) - this does not appear to reoccur systematically, which is quite troublesome to debug. 🙁
I hope these additional details will help a bit more.
Anyway feel free to ask for any further details and/or troubleshooting actions on our side.
With thanks