Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Moderator: crythias
-
- Znuny newbie
- Posts: 5
- Joined: 14 Sep 2022, 11:11
- Znuny Version: 6.4
- Real Name: Zdenek Sedlak
- Company: Paragon Nyrany
Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hello guys,
please for help how to set Azure App Registration and Zuny OAuth 2.0 Module.
So far I used Windows OTRS v3, but TLS 1.0 issue forced me to migrate to Linux´s Znuny.
By requesting a new Token I can´t get thru redirect URi. It always crash of some error:
AADSTS900971: No reply address provided.
AADSTS50011: The redirect URi ****** specified in the request does not match the redirect URIs configured for the application ******
As return URi I am trying "https://127.0.0.1/otrs/get-oauth2-token ... on-code.pl" or using FQDN of the server instead of 127.0.0.1, but non works at all.
If I open this URi locally on the server, it somehow works - Znuny ask for login, I log in and it remains on that login page.
If there is any manual how to set MS Azure Portal APP Registration + Znuny as well?
I really appreciate any help, thank you.
Zdenek
please for help how to set Azure App Registration and Zuny OAuth 2.0 Module.
So far I used Windows OTRS v3, but TLS 1.0 issue forced me to migrate to Linux´s Znuny.
By requesting a new Token I can´t get thru redirect URi. It always crash of some error:
AADSTS900971: No reply address provided.
AADSTS50011: The redirect URi ****** specified in the request does not match the redirect URIs configured for the application ******
As return URi I am trying "https://127.0.0.1/otrs/get-oauth2-token ... on-code.pl" or using FQDN of the server instead of 127.0.0.1, but non works at all.
If I open this URi locally on the server, it somehow works - Znuny ask for login, I log in and it remains on that login page.
If there is any manual how to set MS Azure Portal APP Registration + Znuny as well?
I really appreciate any help, thank you.
Zdenek
-
- Administrator
- Posts: 3977
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi,
Make sure that you system configuration for HttpType and FQDN match the URL in your browser and also the redirect URI in the app registration.
- Roy
Make sure that you system configuration for HttpType and FQDN match the URL in your browser and also the redirect URI in the app registration.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Moderator
- Posts: 393
- Joined: 30 Jan 2008, 02:26
- Znuny Version: All of them ^^
- Real Name: Hannes
- Company: Znuny|OTTERHUB
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi,
I'm really not sure if 127.0.0.1 works as a return uri. Except for the case when the Znuny instance is running on your local machine.
You have to use the "real" FQDN where you access your Znuny instance. It can be internal, but the client you use should be able to resolve it.
And you have to specify this URL as a redirect uri when you create the app in azure choose type "web" and URL your instance FQDN+the get-oauth2 token part, as you already did. https://learn.microsoft.com/en-us/excha ... sing-oauth
two notes:
- FQDN has to be set properly
- HTTPType has to be HTTPS
Regards
I'm really not sure if 127.0.0.1 works as a return uri. Except for the case when the Znuny instance is running on your local machine.
You have to use the "real" FQDN where you access your Znuny instance. It can be internal, but the client you use should be able to resolve it.
And you have to specify this URL as a redirect uri when you create the app in azure choose type "web" and URL your instance FQDN+the get-oauth2 token part, as you already did. https://learn.microsoft.com/en-us/excha ... sing-oauth
two notes:
- FQDN has to be set properly
- HTTPType has to be HTTPS
Regards
-
- Znuny newbie
- Posts: 5
- Joined: 14 Sep 2022, 11:11
- Znuny Version: 6.4
- Real Name: Zdenek Sedlak
- Company: Paragon Nyrany
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hello,
thanks for quick feedbacks.
After aligning FQDN and return URI at Azure make some progress, but I still can´t get token.
Now, after request new Token from Znuny, it opens a link
https://myserver_FQDN/otrs/get-oauth2-token-by-authorization-code.pl?code=0.ASAAQOU******v-STQrBDJw-ATPIdpnUdiR3Oryis&state=TokenConfigID3&session_state=0acf1c*********17#
where I am asked for login to Znuny, but my login is not accepted and web change to
https://myserver_FQDN/otrs/get-oauth2-token-by-authorization-code.pl - but I am not able to use Znuny logion in here as well.
Any ideas why this happen?
Thank you, appreciate your time.
Zdenek
thanks for quick feedbacks.
After aligning FQDN and return URI at Azure make some progress, but I still can´t get token.
Now, after request new Token from Znuny, it opens a link
https://myserver_FQDN/otrs/get-oauth2-token-by-authorization-code.pl?code=0.ASAAQOU******v-STQrBDJw-ATPIdpnUdiR3Oryis&state=TokenConfigID3&session_state=0acf1c*********17#
where I am asked for login to Znuny, but my login is not accepted and web change to
https://myserver_FQDN/otrs/get-oauth2-token-by-authorization-code.pl - but I am not able to use Znuny logion in here as well.
Any ideas why this happen?
Thank you, appreciate your time.
Zdenek
-
- Znuny newbie
- Posts: 5
- Joined: 14 Sep 2022, 11:11
- Znuny Version: 6.4
- Real Name: Zdenek Sedlak
- Company: Paragon Nyrany
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Guys,
I sucessfully request new token!
Maybe new APP registration in Azure was also needed.
Now I need last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via oAUth2?
I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simple
https://login.microsoftonline.com
but login failed.
Thank you!
Zdenek
I sucessfully request new token!
Maybe new APP registration in Azure was also needed.
Now I need last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via oAUth2?
I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simple
https://login.microsoftonline.com
but login failed.
Thank you!
Zdenek
-
- Moderator
- Posts: 393
- Joined: 30 Jan 2008, 02:26
- Znuny Version: All of them ^^
- Real Name: Hannes
- Company: Znuny|OTTERHUB
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi,
the host is the same for IMAP and IMAP+OAuth.
https://support.microsoft.com/en-us/off ... 6c4ac95353
the host is the same for IMAP and IMAP+OAuth.
https://support.microsoft.com/en-us/off ... 6c4ac95353
-
- Znuny newbie
- Posts: 5
- Joined: 14 Sep 2022, 11:11
- Znuny Version: 6.4
- Real Name: Zdenek Sedlak
- Company: Paragon Nyrany
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Thanks a lot! Seems that Znuny is set correctly finally.
Now we have to resolve IMAP login issue, it has something to deal with Register service principals in Exchange.
Having no idea about it.
Crazy!
Cheers
Zdenek
Now we have to resolve IMAP login issue, it has something to deal with Register service principals in Exchange.
Having no idea about it.
Crazy!
Cheers
Zdenek
-
- Znuny newbie
- Posts: 5
- Joined: 14 Sep 2022, 11:11
- Znuny Version: 6.4
- Real Name: Zdenek Sedlak
- Company: Paragon Nyrany
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Problem solved!
After Register service principals in Exchange accordingly, the blocked was that I used IMAP instead of IMAPTLS protocol.
All good, thank you for help that lead me to resolving all problems.
And sorry for lame questions
After Register service principals in Exchange accordingly, the blocked was that I used IMAP instead of IMAPTLS protocol.
All good, thank you for help that lead me to resolving all problems.
And sorry for lame questions
-
- Znuny newbie
- Posts: 93
- Joined: 29 Jun 2018, 13:44
- Znuny Version: 6.x.x/7.0.x
- Real Name: Ruben Sardinha
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hello all,zdenek wrote: ↑20 Sep 2022, 11:11 Guys,
I sucessfully request new token!
Maybe new APP registration in Azure was also needed.
Now I need last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via oAUth2?
I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simple
https://login.microsoftonline.com
but login failed.
Thank you!
Zdenek
Sorry to ask, but how did you end up fixing your app?
We've been having the same issue but we're still stuck!
Any help would be appreciated
-
- Administrator
- Posts: 3977
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi,
The endpoints can be found with your registered app in the Azure portal. You need the endpoints/URIs for OAuth 2.0 authorization and token.
- Roy
The endpoints can be found with your registered app in the Azure portal. You need the endpoints/URIs for OAuth 2.0 authorization and token.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 93
- Joined: 29 Jun 2018, 13:44
- Znuny Version: 6.x.x/7.0.x
- Real Name: Ruben Sardinha
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi Roy,
Thanks for the reply.
I've noticed that the configuration is a bit different from what it says on the manual, from what I have on my OTRS.
Using this link:
https://docs.znuny.org/manual/admin/aut ... index.html
I noticed that there are a lot more options available to configure a token than from what I have on my instance of OTRS (OTRS 6.3.4)
Below is the picture that is available on the documentation. And below is what I have available on my OTRS: Any reason why we don't see those extra settings?
Thanks in advance
Thanks for the reply.
I've noticed that the configuration is a bit different from what it says on the manual, from what I have on my OTRS.
Using this link:
https://docs.znuny.org/manual/admin/aut ... index.html
I noticed that there are a lot more options available to configure a token than from what I have on my instance of OTRS (OTRS 6.3.4)
Below is the picture that is available on the documentation. And below is what I have available on my OTRS: Any reason why we don't see those extra settings?
Thanks in advance
You do not have the required permissions to view the files attached to this post.
-
- Administrator
- Posts: 3977
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Because the screenshot belongs to a Znuny 6.4.3
Before that version you have to create the token configuration, download it, replace the URL in the YAML-file and the upload it again (w/ overwrite). Then you can request the token.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 93
- Joined: 29 Jun 2018, 13:44
- Znuny Version: 6.x.x/7.0.x
- Real Name: Ruben Sardinha
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hey Roy,
We've updated to the version 6.4.3, we can already create and fetch tokens, but we can't fetch the emails.
We're currently getting the error below:
Code: Select all
Error while retrieving the messages 'IMAPS': Could not select :
We have a folder called OTRS, which copies all the emails that get delivered to the mailbox, to this folder.
If we use the password method, we can successfully fetch emails, but if we do it using a Token, it fails.
Any help would be appreciated.
You do not have the required permissions to view the files attached to this post.
-
- Administrator
- Posts: 3977
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi,
Is the folder really on the same level like the INBOX? Maybe it's INBOX/OTRS. For debugging I recommend fetching the e-mails via command line:
Code: Select all
bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --mail-account-id XX --debug
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 93
- Joined: 29 Jun 2018, 13:44
- Znuny Version: 6.x.x/7.0.x
- Real Name: Ruben Sardinha
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hi,root wrote: ↑07 Oct 2022, 18:57 Hi,
Is the folder really on the same level like the INBOX? Maybe it's INBOX/OTRS. For debugging I recommend fetching the e-mails via command line:
Just replace XX with the id of the mail account.Code: Select all
bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --mail-account-id XX --debug
- Roy
The folder is at the root level, same as the INBOX folder.
I tried using the debug method and got a different error:
Code: Select all
ERROR: 2 BAD User is authenticated but not connected. at /usr/share/perl5/Mail/IMAPClient.pm line 1378.
-
- Znuny newbie
- Posts: 93
- Joined: 29 Jun 2018, 13:44
- Znuny Version: 6.x.x/7.0.x
- Real Name: Ruben Sardinha
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hey Roy,
It's working. We were fetching the Token with our personal Azure users, instead of the mailbox user.
It's working. We were fetching the Token with our personal Azure users, instead of the mailbox user.
-
- Znuny newbie
- Posts: 5
- Joined: 15 Jan 2019, 12:56
- Znuny Version: 6 patch level 15
- Company: SGPCM
Re: Problem Azure App registration + Znuny OAuth2 ? (returned URi not working)
Hey Zdenek!zdenek wrote: ↑20 Sep 2022, 11:11 Guys,
I sucessfully request new token!
Maybe new APP registration in Azure was also needed.
Now I need last hint, I hope.
What is the correct Microsoft HOST address to get to IMAP via oAUth2?
I am using this
https://login.microsoftonline.com/tenan ... v2.0/token
or just simple
https://login.microsoftonline.com
but login failed.
Thank you!
Zdenek
I'm stuck in this same place, do you remember how did you solved this?
I don't see any errors in /var/log/httpd or /opt/oprs/var/log.
Many thanks.
Best regards,