Infos:
- Used Zammad version: 7.0.1-1775632038.d6c89953.bookworm
- Used Zammad installation type: package
- Operating system: Debian 12
- Browser + version: Firefox, Chrome,…
Expected behavior:
- Sign-in via Microsoft as a third-party provider is set up correctly.
- The system is used only for internal users from the shared tenant.
- New users can either send an email (to the address configured as a Microsoft 365 Graph email) or log in directly on the website using their Microsoft account. In both cases, a corresponding new user account should be created. If users subsequently choose the other method to create a new ticket, the existing accounts should be recognized and reused/ connected.
Actual behavior:
- If you first log in as an unknown user via Microsoft, a new user is created in Zammad. Login = Microsoft User ID. If this user later sends an email to the ticket system, the ticket is correctly assigned to the existing user
- If you first send an email to the ticket system as an unknown user, a new user is also created. Login = email address. If you then go to the website later and try to log in via Microsoft, you will receive an error message. 500: An unknown error occurred. You will then be unable to log in.
- If you reload the error message you get: 422 Unprocessable Entity, The change you wanted was rejected. Message from microsoft_office365: csrf_detected
Steps to reproduce the behavior:
- These issues have been tested and reproduced multiple times with new users.
- We are still in the testing and development phase. We do not have any live users or tickets.
- The problem persists even after deleting all users and tickets.
- Base FQDN and Redirect URI already checked
- no Reverse-Proxy