Link up with o365 with error code 422

Hello,

I have followed the manual

https://admin-docs.zammad.org/de/latest/security-thirdparty/microsoft.html#register-microsoft-app

to setup linking with o365 user. However, it comes up error 422

and I don’t know how to trace it.

My zammad is version 3.0
and the o365 user did still haven’t created under Zammad before.

Thanks in advance.

Hello and welcome,

as already stated in https://github.com/zammad/zammad/issues/2617#issuecomment-504940804 :
Please do not remove the template, as it contains important information we need to know.

We can’t help you with the supplied information.
Please fill in at leas the following information (edit your first post):

* Used Zammad version: 
* Used Zammad installation source: (source, package, ...)
* Operating system: 
* Browser + version: 

Also, please provide your production log ( /var/log/zammad/production.log ) with traceback from the moment you try to authenticate with Office365.

Hello,

• Used Zammad version: Version 3.0.x
• Used Zammad installation source: (source, package, …): zammad-3.0.0-1560433985.617324d6.centos7.x86_64
• Operating system: Centos 7.6.1810
• Browser + version: Firefox and Chrome (both latest version)

and could you please advise how to upload the production.log?

Thanks!

You can either upload it on your favorite shared hoster or put it into a code tags:

```
Log-Content-here
```

It’s enough to post the last ~20 lines before your traceback, together with your traceback.

Hello,

Please the production log check from following link.

I, [2019-06-24T16:41:06.071830 #7878-47156925011520]  INFO -- : Started GET "/auth/microsoft_office365" for 666.666.666.666 at 2019-06-24 16:41:06 +0800
I, [2019-06-24T16:41:10.231704 #7877-47073352092880]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2019-06-24T16:41:17.397000 #7878-47156923874760]  INFO -- : Started GET "/auth/microsoft_office365/callback?code=[FILTERED]&state=08e51a67331f0f0b6a6699bb8ad6c677a4b7cbbdf355d93c&session_state=79248a40-d89f-4d6c-84f3-65f4f6ff0837" for 666.666.666.666 at 2019-06-24 16:41:17 +0800
I, [2019-06-24T16:41:17.892376 #7878-47156925012380]  INFO -- : Started GET "/auth/failure?message=invalid_credentials&origin=https%3A%2F%2Fzammad.domain.tld%2F&strategy=microsoft_office365" for 125.215.176.74 at 2019-06-24 16:41:17 +0800
I, [2019-06-24T16:41:17.896828 #7878-47156925012380]  INFO -- : Processing by SessionsController#failure_omniauth as HTML
I, [2019-06-24T16:41:17.896945 #7878-47156925012380]  INFO -- :   Parameters: {"message"=>"invalid_credentials", "origin"=>"https://zammad.domain.tld/", "strategy"=>"microsoft_office365"}
E, [2019-06-24T16:41:17.897342 #7878-47156925012380] ERROR -- : Message from microsoft_office365: invalid_credentials (Exceptions::UnprocessableEntity)
/opt/zammad/app/controllers/sessions_controller.rb:169:in `failure_omniauth'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/abstract_controller/base.rb:186:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal/rendering.rb:30:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/callbacks.rb:131:in `run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/abstract_controller/callbacks.rb:19:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal/rescue.rb:20:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/notifications.rb:166:in `block in instrument'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/notifications.rb:166:in `instrument'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal/params_wrapper.rb:252:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activerecord-5.1.7/lib/active_record/railties/controller_runtime.rb:22:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/abstract_controller/base.rb:124:in `process'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionview-5.1.7/lib/action_view/rendering.rb:30:in `process'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal.rb:189:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_controller/metal.rb:253:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/routing/route_set.rb:31:in `serve'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/journey/router.rb:50:in `block in serve'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/journey/router.rb:33:in `each'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/journey/router.rb:33:in `serve'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/routing/route_set.rb:844:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/etag.rb:25:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/conditional_get.rb:25:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/head.rb:12:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/session/abstract/id.rb:232:in `context'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/session/abstract/id.rb:226:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/cookies.rb:613:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/callbacks.rb:26:in `block in call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/callbacks.rb:97:in `run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/callbacks.rb:24:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/debug_exceptions.rb:59:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.7/lib/rails/rack/logger.rb:36:in `call_app'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.7/lib/rails/rack/logger.rb:24:in `block in call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/tagged_logging.rb:69:in `block in tagged'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/tagged_logging.rb:26:in `tagged'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/tagged_logging.rb:69:in `tagged'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.7/lib/rails/rack/logger.rb:24:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/request_id.rb:25:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/method_override.rb:22:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/runtime.rb:22:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.7/lib/active_support/cache/strategy/local_cache_middleware.rb:27:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/executor.rb:12:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.7/lib/action_dispatch/middleware/static.rb:125:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.7/lib/rack/sendfile.rb:111:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.7/lib/rails/engine.rb:522:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.12.1/lib/puma/configuration.rb:227:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.12.1/lib/puma/server.rb:660:in `handle_request'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.12.1/lib/puma/server.rb:474:in `process_client'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.12.1/lib/puma/server.rb:334:in `block in run'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.12.1/lib/puma/thread_pool.rb:135:in `block in spawn_thread'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
I, [2019-06-24T16:41:17.898076 #7878-47156925012380]  INFO -- :   Rendering inline template
I, [2019-06-24T16:41:17.898682 #7878-47156925012380]  INFO -- :   Rendered inline template (0.5ms)
I, [2019-06-24T16:41:17.898830 #7878-47156925012380]  INFO -- : Completed 422 Unprocessable Entity in 2ms (Views: 0.9ms | ActiveRecord: 0.0ms)

Thanks!

I edited your last post to the relevant log information, you can remove your logfile from the cloud (thanks for that!)

I could verify the issue, it only happens if you have two two active (signed in) sessions on microsoft.
This means, as soon as you get to choose between two or more microsoft accounts, at least one will fail.

Interestingly during my test, I could still use the account I used first to authenticate without trouble.
I’m still not sure if we can do anything about it.

However, I’ll sumup the collected information on your Github Issue ( https://github.com/zammad/zammad/issues/2617 )

Thanks for providing the needed information, it really helped a lot!

Hello,

Thanks for follow up. I read your tracker information at Github and try using reproduce steps to complete out my MS account and Zammad. Then try to access again but still no luck.

Does anything can be as a workaround before fix? Such as clean up something under Zammad or Browser?

Thanks!

Are you logged of from all Microsoft Accounts and only use one?
(cross test this in a private mode browser and login with just one microsoft account, it should work)

There’s currently no workaround, no.
Again, I’m currently not sure if this is a Zammad related bug, because it strikes as soon as Microsoft let’s you choose the Account you want to authenticate with. I think it is a Bug on our end, because it works on other things

Hi,

So we are facing kinda the same issue. Reffering to case https://github.com/zammad/zammad/issues/2743

Our logs show this error though:

F, [2019-09-17T08:33:28.369370 #51948-47047058075300] FATAL – :
F, [2019-09-17T08:33:28.369463 #51948-47047058075300] FATAL – : ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2019-09-17T08:33:28.369505 #51948-47047058075300] FATAL – :
F, [2019-09-17T08:33:28.369560 #51948-47047058075300] FATAL – : vendor/bundle/ruby/2.5.0/gems/omniauth-rails_csrf_protection-0.1.2/lib/omniauth/rails_csrf_protection/token_verifier.rb:34:in `call’

It works on all other browsers who are not chromium based.
This is a fresh install of zammad.

Could you try this:

• open the WebApp in your Browser don’t click anything
• do a clean reload (CTRL + SHIFT + R)
• if everything loaded, click on Office365 icon and try to authenticate

I tried to reproduce this on chromium based browsers yesterday and used a freshly updated Zammad 3.1 from repos at that moment. I couldn’t reproduce it.

If it still happens, could you please share the exact versions of the affected browsers? Also, if they have extensions installed, could you share them?

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.