422: The change you wanted was rejected. Message from saml: invalid_ticket

Infos:

  • Used Zammad version: version 5.0.x
  • Used Zammad installation type: package
  • Operating system: Ubuntu 18.04.6 LTS
  • Browser + version: Chrome

Expected behavior:

  • Able to login to Zammad after using SAML authentication.

Actual behavior:

  • Callback URL returns Error 500 after authenticating with Azure AD using SAML.

Steps to reproduce the behavior:

  • Configure Enterprise app on Azure AD by uploading Zammad metadata file and configure required claim attributes

  • Configure the SAML setting on Zammad

Hi guys,
I managed to get the M365 login option working but need to get the SAML option integrated with Azure AD as well. I’ve hit a roadblock in terms of this. May I check if my configurations are correct? What could be the cause of the error 500?

I will try to post some pictures of the configuration below.

Thanks!

Edit: I figured out that I had to remove the BEGIN CERTIFICATE portion from the X509 cert when entering it on the Zammad UI.

I’m now able to perform a SAML sign-in but it’s returning a “422: The change you wanted was rejected.” error.

Message from saml: invalid_ticket

Invalid ticket may indicate a time drift between Microsoft and your local Zammad server. Make sure that it syncs to NTP time, which may help already. Also, the production.log might provide further clues.
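
One way to check the time-drift explanation above against a captured `SAMLResponse` form value, as an added example (not Zammad's code and not from either poster): it decodes the response and compares the assertion's `Conditions` validity window with the server clock. The sample response, function names and the `allowed_skew` parameter are constructed for illustration, and signature validation is out of scope.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real Azure AD response), base64 as posted to the callback.
SAMPLE_RESPONSE = base64.b64encode(
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    b'<saml:Conditions NotBefore="2021-11-02T08:15:30.123Z" '
    b'NotOnOrAfter="2021-11-02T09:20:30.123Z"/></saml:Assertion></samlp:Response>'
)

def parse_instant(value):
    """Parse a UTC SAML timestamp, with or without fractional seconds."""
    head, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    if frac:
        dt += timedelta(microseconds=int(frac[:6].ljust(6, "0")))
    return dt.replace(tzinfo=timezone.utc)

def check_conditions(saml_response_b64, now, allowed_skew=timedelta(0)):
    """Return (status, margin): 'ok', 'too_early' or 'expired' relative to `now`."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml:
        # A SAML response has no reason to carry a DTD; refuse to parse it.
        raise ValueError("DOCTYPE not expected in a SAML response")
    cond = ET.fromstring(xml).find(".//saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("no <Conditions> element found")
    not_before = parse_instant(cond.attrib["NotBefore"])
    not_on_or_after = parse_instant(cond.attrib["NotOnOrAfter"])
    if now + allowed_skew < not_before:
        # Local clock is behind the identity provider's clock.
        return "too_early", not_before - now
    if now - allowed_skew >= not_on_or_after:
        # Local clock is ahead, or the response is simply old.
        return "expired", now - not_on_or_after
    return "ok", timedelta(0)

if __name__ == "__main__":
    # Compare the sample against this machine's current UTC time.
    print(check_conditions(SAMPLE_RESPONSE, datetime.now(timezone.utc)))
```

A `too_early` result with a margin of a few seconds to minutes on a fresh login points at the local clock running behind, which is the case NTP synchronisation corrects.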