Error 422: The change you wanted was rejected. [Office 365]

Infos:

  • Used Zammad version: 3.1
  • Used Zammad installation source: (source, package, …) package
  • Operating system: Debian 9
  • Browser + version: Firefox 70.0b9, Chrome 77.0.3865.90, Microsoft Edge Dev 79.0.279.0

Expected behavior:

Get logged in to Zammad with O365 credentials

Actual behavior:

Steps to reproduce the behavior:

Try logging in with O365 in zammad with the following browsers:

  • Firefox 70.0b9
  • Chrome 77.0.3865.90
  • Microsoft Edge Dev 79.0.279.0

:arrow_right: Only one (1) account logged in.
:arrow_right: Behavior happens in normal AND private mode.
:arrow_right: O365 tenant = education
:arrow_right: Happens with AAD connected accounts and non domain joined devices (just using O365 creds to login)
:arrow_right: Tried without addons & plugins

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-extensions --disable-plugins

Works fine in:

  • Internet Explorer
  • Firefox 69
  • Microsoft Edge (non chromium)

Notes:

I’ve seen many github issues about the error 422 being closed with the [can’t reproduce] tag. But this
sure feels like a bug.

Putting
proxy_set_header X-Forwarded-Ssl on;
in nginx config (/etc/nginx/sites-available/zammad.conf) does not help.

edit: 26/09/19 added tested with no-addon(s) & no-plugin(s)

Is the user already known to Zammad and never logged in via Office365 login yet?
Please note that even if the user is known via LDAP, as an example, Office365 login works differently and is not seen as the “same account”.

If the account is already known to Zammad, please ensure to allow automatic account linking within security settings if needed.

I still can’t reproduce this issue.

Hi MrGeneration

My account is known to Zammad and is logging in using Office 365 a lot. I’m using Firefox 69 but I actually use Edge Dev or Chrome as my main browser.

LDAP is not configured, we’re using Azure Active Directory (AAD) and that does not natively support LDAP. (No hybrid environment with local AD)

Automatic linking is configured:

GIF on Firefox 70 b9 (same happens on Chrome & Edge Dev)

GIF on Internet Explorer

As said, tried it on different computers, private mode,…
Feel free to guide me to provide specific logs you wish to see.

Thanks!

I’ve just tested it on my mobile device (Android)

  • Firefox for mobile (68.1.1) -> Works just fine.
  • Chrome App (77.0.3865.92) -> Same error

When using F12, the difference is in the request URL:

When it doesn’t work it only shows:

https://helpdesk.xxx.xx/auth/microsoft_office365

While if it works it actually shows:

https://helpdesk.xxx.xx/auth/microsoft_office365/callback?code=

Today we had someone with a similar issue, maybe the following comment helps you:

Hi @MrGeneration

Problem solved, worst part was I posted the solution in my opening post. Ofc it’s important to place the code at the right place…

bastienroussel was using apache, I’m using nginx so I first tried to convert it to nginx and it was the 2nd time that X-Forwarded-Ssl on; was part of a fix for a similar error. So I continued my search…

Topics with 422 fixes with X-Forward-SSL:

Solution:

I pasted

proxy_set_header X-Forwarded-Ssl on;

Under server { } :x: in /etc/nginx/sites-available/zammad.conf
But it should have been placed under location { } :white_check_mark: in /etc/nginx/sites-available/zammad.conf

This is the code I have in my zammad.conf file.

 location / {
     proxy_set_header Host $http_host;
     proxy_set_header CLIENT_IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_read_timeout 180;
     proxy_pass http://zammad;
     #FIX FOR ERROR 422 on Chrome/Firefox > 69
     proxy_set_header X-Forwarded-Ssl on;


     gzip on;
     gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
     gzip_proxied any;
 }
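Why the placement matters, as an added example that is not part of the original posts or Zammad's own code: nginx inherits `proxy_set_header` from an outer level only when the current level defines none, so a header set in `server { }` is silently dropped by a `location { }` that has its own `proxy_set_header` lines. The check below flags that case; the sample config, the `/ws` block and the function names are constructed for illustration, and the parser is simplified (no quoted strings, no `include`).

```python
import re

# Constructed sample mirroring the thread (header at server level only).
SAMPLE_CONF = """
server {
    proxy_set_header X-Forwarded-Ssl on;   # server level only
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://zammad;
    }
    location /ws {
        proxy_pass http://zammad-websocket;
    }
}
"""

def parse(conf):
    """Parse nginx config text into a tree of {'name', 'headers', 'children'}."""
    text = re.sub(r"#[^\n]*", "", conf)              # drop comments
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    root = {"name": "main", "headers": {}, "children": []}
    stack, words = [root], []
    for tok in tokens:
        if tok in ("{", "}", ";"):
            if tok == "{":                           # open a nested block
                stack[-1]["children"].append({"name": " ".join(words), "headers": {}, "children": []})
                stack.append(stack[-1]["children"][-1])
            elif tok == "}":
                stack.pop()
            elif words[:1] == ["proxy_set_header"] and len(words) >= 3:
                stack[-1]["headers"][words[1].lower()] = " ".join(words[2:])
            words = []
        else:
            words.append(tok)
    return root

def dropped_headers(block, inherited=None, path=""):
    """Return (block_path, header) pairs set on an outer level but not in effect in a block."""
    inherited = inherited or {}
    here = f"{path} > {block['name']}" if path else block["name"]
    own = block["headers"]
    # nginx inherits proxy_set_header only if the current level defines none.
    effective = own if own else inherited
    findings = [(here, h) for h in inherited if own and h not in own]
    for child in block["children"]:
        findings += dropped_headers(child, effective, here)
    return findings
```

On the sample, `location /` is reported as losing `x-forwarded-ssl`, while `location /ws` (which sets no headers of its own) still inherits it.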

Please open your own thread, you’re hijacking a solved thread with a completely different technology. This will just cause confusion. :-X
