Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Moderator: crythias
-
- Znuny newbie
- Posts: 6
- Joined: 28 Feb 2024, 12:09
- Znuny Version: 6.5.6
- Real Name: Darko Maksic
- Company: Käserei Champignon
Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Dear Forum Members,
I have been searching for information on transitioning to OAuth 2.0 authentication, but unfortunately, I haven't found a definitive answer. We currently have Exchange hybrid accounts linked with our system, and I am wondering if it is possible to retain our existing email settings for the time being while testing OAuth 2.0 with a test account.
The primary goal is to ensure that our employees can continue sending emails to our standard "servicedesk" address, which will still route the emails to our OTRS system. Meanwhile, I would like to test OAuth 2.0 authentication using a test user account, without disrupting our daily operations.
If anyone has experience or knowledge in this area, I would greatly appreciate your insights and advice.
Thank you for your assistance!
I have been searching for information on transitioning to OAuth 2.0 authentication, but unfortunately, I haven't found a definitive answer. We currently have Exchange hybrid accounts linked with our system, and I am wondering if it is possible to retain our existing email settings for the time being while testing OAuth 2.0 with a test account.
The primary goal is to ensure that our employees can continue sending emails to our standard "servicedesk" address, which will still route the emails to our OTRS system. Meanwhile, I would like to test OAuth 2.0 authentication using a test user account, without disrupting our daily operations.
If anyone has experience or knowledge in this area, I would greatly appreciate your insights and advice.
Thank you for your assistance!
-
- Znuny superhero
- Posts: 629
- Joined: 24 Feb 2012, 03:58
- Znuny Version: LTS and Features
- Real Name: Mo Azfar
- Location: Kuala Lumpur, MY
- Contact:
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
A good start will here https://www.znuny.org/en/blog/modern-au ... -microsoft
My Github
OTRS CE/LTS Discord Channel
Cant Update Package Anymore ? Check This
Professional OTRS, Znuny & OTOBO services: efflux.de/en
Free and premium add-ons: English
OTRS CE/LTS Discord Channel
Cant Update Package Anymore ? Check This
Professional OTRS, Znuny & OTOBO services: efflux.de/en
Free and premium add-ons: English
-
- Znuny newbie
- Posts: 6
- Joined: 28 Feb 2024, 12:09
- Znuny Version: 6.5.6
- Real Name: Darko Maksic
- Company: Käserei Champignon
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hi there,
Thank you for the instructions. My question is, if I follow all the steps, can I still use the authentication method in parallel with the new OAuth 2?
I appreciate your help.
Thank you for the instructions. My question is, if I follow all the steps, can I still use the authentication method in parallel with the new OAuth 2?
I appreciate your help.
-
- Znuny superhero
- Posts: 890
- Joined: 15 Dec 2016, 15:13
- Znuny Version: All
- Real Name: Emin
- Company: Efflux GmbH
- Contact:
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hey,
Yes, you can use basic auth and OAuth 2.0 accounts at the same time.
— Emin
Yes, you can use basic auth and OAuth 2.0 accounts at the same time.
— Emin
Professional OTRS, Znuny & OTOBO services: efflux.de | efflux.de/en/
Free and premium add-ons: German | English
Free and premium add-ons: German | English
-
- Znuny newbie
- Posts: 6
- Joined: 28 Feb 2024, 12:09
- Znuny Version: 6.5.6
- Real Name: Darko Maksic
- Company: Käserei Champignon
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hi guys,
Following the steps from the Modern Authentication with Microsoft blog, I managed to set up the token. However, after 1 or 2 hours, the token expired. I'm not sure if that's okay or not. On the other hand, under the refresh token status, there is a message that the refresh token is valid without an expiry date. Is that correct?
The second problem that I have is that after trying to add a new postmaster email address, I have no option to choose the authentication type. I saw a similar problem here:viewtopic.php?f=62&t=43905&p=178095&hil ... pe#p178095
ut couldn't find any solution.
Do you have any idea maybe? How could I solve this problem?
Thanks in advance!
Best regards,
Darko
Following the steps from the Modern Authentication with Microsoft blog, I managed to set up the token. However, after 1 or 2 hours, the token expired. I'm not sure if that's okay or not. On the other hand, under the refresh token status, there is a message that the refresh token is valid without an expiry date. Is that correct?
The second problem that I have is that after trying to add a new postmaster email address, I have no option to choose the authentication type. I saw a similar problem here:viewtopic.php?f=62&t=43905&p=178095&hil ... pe#p178095
ut couldn't find any solution.
Do you have any idea maybe? How could I solve this problem?
Thanks in advance!
Best regards,
Darko
-
- Administrator
- Posts: 3985
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hi,
- Roy
Yes, this is correct. Just disable the first notification for the token. As long as the refresh token is valid, you're good.darinko wrote: ↑12 Apr 2024, 11:08 Following the steps from the Modern Authentication with Microsoft blog, I managed to set up the token. However, after 1 or 2 hours, the token expired. I'm not sure if that's okay or not. On the other hand, under the refresh token status, there is a message that the refresh token is valid without an expiry date. Is that correct?
Looks like you have kept some old customer files in the system. Which files are inside of the folder Custom and which add-ons do you have installed?darinko wrote: ↑12 Apr 2024, 11:08 The second problem that I have is that after trying to add a new postmaster email address, I have no option to choose the authentication type. I saw a similar problem here:viewtopic.php?f=62&t=43905&p=178095&hil ... pe#p178095
ut couldn't find any solution.
Do you have any idea maybe? How could I solve this problem?
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 6
- Joined: 28 Feb 2024, 12:09
- Znuny Version: 6.5.6
- Real Name: Darko Maksic
- Company: Käserei Champignon
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hi Roy,
thanks for the quick response.
Good to know that the token is working correctly.
Regarding the files in the custom folder, I'm not able to check it now as I can't connect to the server at the moment. I will check it on Monday and let you know what I found there.
I have the following add-ons installed:
Thanks for your help!
Best regards,
Darko
thanks for the quick response.
Good to know that the token is working correctly.
Regarding the files in the custom folder, I'm not able to check it now as I can't connect to the server at the moment. I will check it on Monday and let you know what I found there.
I have the following add-ons installed:
Thanks for your help!
Best regards,
Darko
You do not have the required permissions to view the files attached to this post.
-
- Administrator
- Posts: 3985
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hi,
I've no idea how you've done it. But the add-on MailAccount-Oauth2 looks suspicious to me. Such a functioniality is built in, probably this is your problem. You should verify that all add-ons are required for Znuny LTS 6.5 and also designed for it.
- Roy
I've no idea how you've done it. But the add-on MailAccount-Oauth2 looks suspicious to me. Such a functioniality is built in, probably this is your problem. You should verify that all add-ons are required for Znuny LTS 6.5 and also designed for it.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 6
- Joined: 28 Feb 2024, 12:09
- Znuny Version: 6.5.6
- Real Name: Darko Maksic
- Company: Käserei Champignon
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
"Hi Roy,
Thank you for your help again. The update was performed by an external partner, and I'm not sure about the specifics of how they did it or what exactly they did. I'm going to check with them. Would you take a look at the custom folder anyway?
Regards,
Darko
Thank you for your help again. The update was performed by an external partner, and I'm not sure about the specifics of how they did it or what exactly they did. I'm going to check with them. Would you take a look at the custom folder anyway?
Regards,
Darko
-
- Administrator
- Posts: 3985
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Yes, It would check the folder and the system at all. Any issues showed when running an support assessment?
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 6
- Joined: 28 Feb 2024, 12:09
- Znuny Version: 6.5.6
- Real Name: Darko Maksic
- Company: Käserei Champignon
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hi Roy,
here are the custom files:
Can I run the support assessment during work hours? A lot of colleagues are using the ticket system now, and I don't want to create any problems.
Thanks!
Regards,
Darko
here are the custom files:
Can I run the support assessment during work hours? A lot of colleagues are using the ticket system now, and I don't want to create any problems.
Thanks!
Regards,
Darko
You do not have the required permissions to view the files attached to this post.
-
- Znuny superhero
- Posts: 890
- Joined: 15 Dec 2016, 15:13
- Znuny Version: All
- Real Name: Emin
- Company: Efflux GmbH
- Contact:
Re: Seeking Guidance on Transitioning to OAuth 2.0 Authentication
Hello Darko,
We (Efflux) have initially developed the MailAccount-OAuth2 add-on for older versions of OTRS, Znuny and other forks. If you're using Znuny 6.5, you should delete that extensions, as it overwrites some core functions. But make sure that you create a back-up of your systems, your mail accounts and your current OAuth configuration that comes with the add-on.
— Emin
We (Efflux) have initially developed the MailAccount-OAuth2 add-on for older versions of OTRS, Znuny and other forks. If you're using Znuny 6.5, you should delete that extensions, as it overwrites some core functions. But make sure that you create a back-up of your systems, your mail accounts and your current OAuth configuration that comes with the add-on.
— Emin
Professional OTRS, Znuny & OTOBO services: efflux.de | efflux.de/en/
Free and premium add-ons: German | English
Free and premium add-ons: German | English