422: The change you wanted was rejected. Message from saml: invalid_ticket

Infos:

  • Used Zammad version: version 5.0.x
  • Used Zammad installation type: package
  • Operating system: Ubuntu 18.04.6 LTS
  • Browser + version: Chrome

Expected behavior:

  • Able to login to Zammad after using SAML authentication.

Actual behavior:

  • Callback URL returns Error 500 after authenticating with Azure AD using SAML.

Steps to reproduce the behavior:

  • Configure the Enterprise app on Azure AD by uploading the Zammad metadata file and configuring the required claim attributes

  • Configure the SAML setting on Zammad

Hi guys,
I managed to get the M365 login option working but need to get the SAML option integrated with Azure AD as well. I’ve hit a roadblock in terms of this. May I check if my configurations are correct? What could be the cause of the error 500?

I will try to post some pictures of the configuration below.

Thanks!

Edit: I figured out that I had to remove the BEGIN CERTIFICATE portion from the X509 cert when entering it on the Zammad UI.

I’m now able to perform a SAML sign-in but it’s returning a “422: The change you wanted was rejected.” error.

Message from saml: invalid_ticket

Invalid ticket may indicate a time drift between Microsoft and your local Zammad server. Make sure that it syncs to NTP time, which may help already. Also, the production.log might provide further clues.

When using Authentik SSO I get the same error

422: The change you wanted was rejected.

Message from saml: invalid_ticket

I checked the production log and it just shows that the same error was sent. I checked the time and there is no drift from what I can see. It seems as if the callback isn't accepting what the SSO is sending back.
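
One way to test the clock-drift explanation discussed in this thread, as an added example that is not part of any post and is not Zammad's own code: decode the base64 `SAMLResponse` form field the IdP posts to the callback and compare the assertion's `NotBefore`/`NotOnOrAfter` window with the server clock. The function names, the `allowed_skew` parameter and the sample response are constructed for illustration, and timestamps are assumed to be UTC with a trailing `Z`.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a minimal, unsigned response with a one-hour window.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Conditions NotBefore="2021-11-10T08:00:00.000Z" '
    'NotOnOrAfter="2021-11-10T09:00:00.000Z"/>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def parse_ts(value):
    """Parse a SAML xs:dateTime in UTC, with or without fractional seconds."""
    head, _, frac = value.rstrip("Z").partition(".")
    ts = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    if frac:
        ts += timedelta(microseconds=int(frac[:6].ljust(6, "0")))
    return ts.replace(tzinfo=timezone.utc)

def check_conditions(saml_response_b64, now=None, allowed_skew=0):
    """Return (status, seconds) where status is 'ok', 'not_yet_valid' or
    'expired' and seconds is how far the clock is outside the window.
    Diagnostic only: the signature is NOT verified here."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:  # e.g. encrypted assertion or a non-success response
        raise ValueError("no <Conditions> element in response")
    skew = timedelta(seconds=allowed_skew)
    not_before = parse_ts(cond.attrib["NotBefore"])
    not_after = parse_ts(cond.attrib["NotOnOrAfter"])
    if now + skew < not_before:
        return "not_yet_valid", (not_before - now).total_seconds()
    if now - skew >= not_after:
        return "expired", (now - not_after).total_seconds()
    return "ok", 0.0

if __name__ == "__main__":
    # Server clock 30 s behind the IdP: the assertion looks "from the future".
    behind = datetime(2021, 11, 10, 7, 59, 30, tzinfo=timezone.utc)
    print(check_conditions(SAMPLE_B64, now=behind))
    print(check_conditions(SAMPLE_B64, now=behind, allowed_skew=60))
```

If this reports `ok` for a response that Zammad still rejects, the validity window is not the cause and the certificate and other SAML settings are the next things to compare.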