Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)

zdenek
Znuny newbie
Posts: 5
Joined: 14 Sep 2022, 11:11
Znuny Version: 6.4
Real Name: Zdenek Sedlak
Company: Paragon Nyrany

Post by zdenek »

Hello guys,
please help me with how to set up Azure App Registration and the Znuny OAuth 2.0 module.
So far I used Windows OTRS v3, but a TLS 1.0 issue forced me to migrate to Linux's Znuny.

By requesting a new token I can't get through the redirect URI. It always crashes with some error:
AADSTS900971: No reply address provided.
AADSTS50011: The redirect URi ****** specified in the request does not match the redirect URIs configured for the application ******

As the return URI I am trying "https://127.0.0.1/otrs/get-oauth2-token ... on-code.pl" or using the FQDN of the server instead of 127.0.0.1, but none works at all.
If I open this URI locally on the server, it somehow works - Znuny asks for login, I log in and it remains on that login page.

Is there any manual on how to set up MS Azure Portal App Registration + Znuny as well?

I really appreciate any help, thank you.
Zdenek
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Post by root »

Hi,

Make sure that your system configuration for HttpType and FQDN matches the URL in your browser and also the redirect URI in the app registration.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Johannes
Moderator
Posts: 391
Joined: 30 Jan 2008, 02:26
Znuny Version: All of them ^^
Real Name: Hannes
Company: Znuny|OTTERHUB

Post by Johannes »

Hi,

I'm really not sure if 127.0.0.1 works as a return URI, except for the case when the Znuny instance is running on your local machine.
You have to use the "real" FQDN where you access your Znuny instance. It can be internal, but the client you use should be able to resolve it.

And you have to specify this URL as a redirect URI when you create the app in Azure: choose type "web" and, as the URL, your instance FQDN + the get-oauth2 token part, as you already did. https://learn.microsoft.com/en-us/excha ... sing-oauth

Two notes:
- FQDN has to be set properly
- HTTPType has to be HTTPS

Regards
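
The check described in the two replies above, as an added example that is not part of the original posts: it builds the callback URL from HttpType and FQDN and reports which component differs from the redirect URI registered in Azure. It assumes the URL is composed as HttpType://FQDN/ScriptAlias plus the callback script named in this thread, with "otrs/" as ScriptAlias, and that Azure compares redirect URIs as exact strings; the host names and helper names are constructed.

```python
from urllib.parse import urlsplit

# Callback script name as it appears in the URLs quoted in this thread.
CALLBACK = "get-oauth2-token-by-authorization-code.pl"


def znuny_redirect_uri(http_type, fqdn, script_alias="otrs/"):
    """Assumed composition: HttpType://FQDN/ScriptAlias + callback script."""
    return f"{http_type}://{fqdn}/{script_alias.strip('/')}/{CALLBACK}"


def explain_mismatch(sent, registered):
    """Return the reasons why `sent` is not identical to `registered`."""
    if sent == registered:
        return []
    a, b = urlsplit(sent), urlsplit(registered)
    reasons = []
    if a.scheme != b.scheme:
        reasons.append(f"scheme: {a.scheme} vs {b.scheme} (check HttpType)")
    if a.hostname != b.hostname:
        reasons.append(f"host: {a.hostname} vs {b.hostname} (check FQDN)")
    if a.port != b.port:
        reasons.append(f"port: {a.port} vs {b.port}")
    if a.path != b.path:
        reasons.append(f"path: {a.path} vs {b.path}")
    if a.query != b.query or a.fragment != b.fragment:
        reasons.append("query or fragment differs")
    # Components equal after parsing: only host letter case or URL formatting differs.
    return reasons or ["differs only in host letter case or URL formatting"]


def check(http_type, fqdn, registered_uris):
    """Return (uri, ok, per-registration reasons) for the configured values."""
    uri = znuny_redirect_uri(http_type, fqdn)
    if not registered_uris:
        return uri, False, {"<none>": ["no redirect URI registered"]}
    report = {r: explain_mismatch(uri, r) for r in registered_uris}
    return uri, any(not v for v in report.values()), report


if __name__ == "__main__":
    # Constructed values: znuny.example.com stands in for the real FQDN.
    registered = ["https://znuny.example.com/otrs/" + CALLBACK]
    for http_type, fqdn in [("http", "127.0.0.1"), ("https", "znuny.example.com")]:
        uri, ok, report = check(http_type, fqdn, registered)
        print(uri, "OK" if ok else report)
```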

Post by zdenek »

Hello,
thanks for the quick feedback.
After aligning the FQDN and return URI at Azure I made some progress, but I still can't get a token.

Now, after requesting a new token from Znuny, it opens a link
https://myserver_FQDN/otrs/get-oauth2-token-by-authorization-code.pl?code=0.ASAAQOU******v-STQrBDJw-ATPIdpnUdiR3Oryis&state=TokenConfigID3&session_state=0acf1c*********17#
where I am asked to log in to Znuny, but my login is not accepted and the page changes to
https://myserver_FQDN/otrs/get-oauth2-token-by-authorization-code.pl - but I am not able to use the Znuny login here either.

Any ideas why this happens?

Thank you, appreciate your time.
Zdenek

Post by zdenek »

Guys,
I successfully requested a new token!
Maybe a new APP registration in Azure was also needed.

Now I need one last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via OAuth2?

I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simply
https://login.microsoftonline.com

but login failed.

Thank you!
Zdenek

Post by Johannes »

Hi,
the host is the same for IMAP and IMAP+OAuth.

https://support.microsoft.com/en-us/off ... 6c4ac95353

Post by zdenek »

Thanks a lot! Seems that Znuny is set correctly finally.

Now we have to resolve the IMAP login issue, it has something to do with "Register service principals in Exchange".
Having no idea about it.
Crazy! ;-)

Cheers
Zdenek

Post by zdenek »

Problem solved!
After registering service principals in Exchange accordingly, the blocker was that I used the IMAP instead of the IMAPTLS protocol.
All good, thank you for the help that led me to resolving all problems.
And sorry for lame questions :-)
chrotha
Znuny newbie
Posts: 93
Joined: 29 Jun 2018, 13:44
Znuny Version: 6.x.x/7.0.x
Real Name: Ruben Sardinha

Post by chrotha »

zdenek wrote: 20 Sep 2022, 11:11
Guys,
I successfully requested a new token!
Maybe a new APP registration in Azure was also needed.

Now I need one last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via OAuth2?

I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simply
https://login.microsoftonline.com

but login failed.

Thank you!
Zdenek

Hello all,

Sorry to ask, but how did you end up fixing your app?
We've been having the same issue but we're still stuck!
Any help would be appreciated

Post by root »

Hi,

The endpoints can be found with your registered app in the Azure portal. You need the endpoints/URIs for OAuth 2.0 authorization and token.

- Roy

Post by chrotha »

Hi Roy,

Thanks for the reply.
I've noticed that the configuration I have on my OTRS is a bit different from what it says in the manual.
Using this link:
https://docs.znuny.org/manual/admin/aut ... index.html
I noticed that there are a lot more options available to configure a token than what I have on my instance of OTRS (OTRS 6.3.4).
Below is the picture that is available on the documentation.
oauth2_admin_add.png
And below is what I have available on my OTRS:
Screenshot_2.png
Any reason why we don't see those extra settings?

Thanks in advance

Post by root »

chrotha wrote: 29 Sep 2022, 21:44
Any reason why we don't see those extra settings?

Because the screenshot belongs to a Znuny 6.4.3

Before that version you have to create the token configuration, download it, replace the URL in the YAML file and then upload it again (w/ overwrite). Then you can request the token.

- Roy

Post by chrotha »

root wrote: 29 Sep 2022, 23:05
chrotha wrote: 29 Sep 2022, 21:44
Any reason why we don't see those extra settings?
Because the screenshot belongs to a Znuny 6.4.3

Before that version you have to create the token configuration, download it, replace the URL in the YAML file and then upload it again (w/ overwrite). Then you can request the token.

- Roy

Hey Roy,

We've updated to version 6.4.3; we can already create and fetch tokens, but we can't fetch the emails.
We're currently getting the error below:

Error while retrieving the messages 'IMAPS': Could not select : 

This is the configuration that we currently have on our Postmaster Mail Account:
Screenshot_3.png
We have a folder called OTRS, which copies all the emails that get delivered to the mailbox, to this folder.
If we use the password method, we can successfully fetch emails, but if we do it using a Token, it fails.

Any help would be appreciated.

Post by root »

chrotha wrote: 07 Oct 2022, 18:16
Any help would be appreciated.

Hi,

Is the folder really on the same level as the INBOX? Maybe it's INBOX/OTRS. For debugging I recommend fetching the e-mails via the command line:

bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --mail-account-id XX --debug

Just replace XX with the id of the mail account.

- Roy

Post by chrotha »

root wrote: 07 Oct 2022, 18:57
Hi,

Is the folder really on the same level as the INBOX? Maybe it's INBOX/OTRS. For debugging I recommend fetching the e-mails via the command line:

bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --mail-account-id XX --debug

Just replace XX with the id of the mail account.

- Roy

Hi,

The folder is at the root level, same as the INBOX folder.
I tried using the debug method and got a different error:

ERROR: 2 BAD User is authenticated but not connected. at /usr/share/perl5/Mail/IMAPClient.pm line 1378.

Thanks

Post by chrotha »

Hey Roy,

It's working. We were fetching the Token with our personal Azure users, instead of the mailbox user.
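
A check for the mistake described in this post, as an added example that is not part of the original thread: it reads the user claim from an access token and compares it with the mailbox login before the token is used for IMAP. It assumes the access token is a JWT carrying a `upn` or `preferred_username` claim; the token, addresses and helper names are constructed, and the payload is decoded for inspection only, without verifying the signature.

```python
import base64
import json


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build an unsigned, constructed JWT-shaped token for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def jwt_claims(token):
    """Decode the payload of a JWT for inspection (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_owner(token):
    """User the token was issued to (claim names are an assumption)."""
    claims = jwt_claims(token)
    return claims.get("upn") or claims.get("preferred_username")


def check_token_for_mailbox(token, mailbox_login):
    """Return a list of problems; empty means the token matches the mailbox."""
    try:
        owner = token_owner(token)
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        return [f"cannot read token: {exc}"]
    if not owner:
        return ["token has no user claim to compare"]
    if owner.lower() != mailbox_login.lower():
        return [f"token was issued to {owner}, mail account logs in as {mailbox_login}"]
    return []


if __name__ == "__main__":
    mailbox = "support@example.com"  # constructed mailbox login
    personal = make_sample_token({"upn": "jane.admin@example.com"})
    shared = make_sample_token({"upn": "support@example.com"})
    print(check_token_for_mailbox(personal, mailbox))  # one problem reported
    print(check_token_for_mailbox(shared, mailbox))    # no problems
```
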
vilhs
Znuny newbie
Posts: 5
Joined: 15 Jan 2019, 12:56
Znuny Version: 6 patch level 15
Company: SGPCM

Post by vilhs »

zdenek wrote: 20 Sep 2022, 11:11
Guys,
I successfully requested a new token!
Maybe a new APP registration in Azure was also needed.

Now I need one last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via OAuth2?

I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simply
https://login.microsoftonline.com

but login failed.

Thank you!
Zdenek

Hey Zdenek!

I'm stuck in this same place, do you remember how you solved this?

I don't see any errors in /var/log/httpd or /opt/oprs/var/log.

Many thanks.

Best regards,