Microsoft Authentication: 422 error


  • Used Zammad version: 6.2.0-1705920690.db7738e0.jammy
  • Used Zammad installation type: package
  • Operating system: Ubuntu 22.04 + apache2
  • Browser + version: Edge (Latest), Firefox (Latest) and Chrome (Latest)

Expected behavior:

  • I try to set up Authentication via Microsoft.
    I expect that my users can login trough the Microsoft account from our tennant.

Actual behavior:

  • Gives Error 422 After configure the Authentication in the settings menu.

  • When trying to login with the Microsoft button.
    422: The change you wanted was rejected.
    Message from microsoft_office365: ActionController::InvalidAuthenticityToken

  • When i try to surf to the callback url i get a different error:

422: The change you wanted was rejected.

Message from microsoft_office365: csrf_detected

Steps to reproduce the behavior:

  • Setup Authentication trough the Zammad docs page
  • Try to login with the Microsoft button
  • Surf to the callback url> different error

I tried many different things but cant find the solution…

Hi @stiman. I guess you did something wrong in your configuration or you are using another FQDN to access your system and there is a mismatch between the one that is entered in your Microsoft app and the one you’re using.

I just tested it with a locally installed Zammad and it works fine (following the docs).

HI, thx for your reply.

I don’t think it has something to do with the FQDN because i already could configure the M365 Channel (email). That is also with an app registration in Azure portal.

Could it be something in my apache 2 configuration?

Ok, i found the solution.

It was a setting in my firewall.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.