O365 auth 422 invalid credentials

Infos:

  • Used Zammad version: 3.2.x
  • Used Zammad installation source: package installation
  • Operating system: CentOS 7, Linux 3.10.0-1062.12.1.el7.x86_64
  • Browser + version: 64 Bit Firefox 73.0.1, 64 Bit Chrome 80.0.3987.116, 64 Bit IE 11.0.165

Expected behavior:

  • Be able to login Office365 Users

Actual behavior:

  • After successfully logging in at the microsoft api, i get redirected to my zammad instance telling me:

422: The change you wanted was rejected.

Message from microsoft_office365: invalid_credentials

Browser Tab tells: Unprocessable Entity

  • Followed all steps after https://admin-docs.zammad.org/en/latest/settings/security/third-party/microsoft.html

  • Tested with users wich already existed in zammad, as well as none existing zammad users

  • Tested with users wich already existed in zammad with correct info: first, last name, mail, pw

  • Tested with several browser, used private tabs, rebooted server while testing

  • AppID andSecretID are correct

  • Tested with Automatic account link on initial logon: On/Off

  • Same behaviour when trying to link user profile to o365

Steps to reproduce the behavior:

  • Install package installation Zammad on Centos7 latest patches
  • Setup SSL
  • Register App on portal.azure.com fpr zammad: AppID, SecretID, Redirect URL, Grant needed permissions
  • Test with all conditions i did, mentioned in “Actual behavior”

Logs:

  • /var/log/zammad/production.log

I, [2020-02-19T15:59:01.137852 #1007-47393735808920] INFO – : Started GET “/auth/microsoft_office365/callback?code=[FILTERED]&state=XXXXXXXXXXXXX&session_state=XXXXXXXXXXXXX” for X.X.X.X at 2020-02-19 15:59:01 +0100
I, [2020-02-19T15:59:02.065746 #1007-47393735809320] INFO – : Started GET “/auth/failure?message=invalid_credentials&origin=https%3A%2F%2Fzammad.XX.de%2F&strategy=microsoft_office365” for X.X.X.X at 2020-02-19 15:59:02 +0100
I, [2020-02-19T15:59:02.069165 #1007-47393735809320] INFO – : Processing by SessionsController#failure_omniauth as HTML
I, [2020-02-19T15:59:02.069214 #1007-47393735809320] INFO – : Parameters: {“message”=>“invalid_credentials”, “origin”=>“https://zammad.XX.de/”, “strategy”=>“microsoft_office365”}
E, [2020-02-19T15:59:02.069487 #1007-47393735809320] ERROR – : Message from microsoft_office365: invalid_credentials (Exceptions::UnprocessableEntity)
/opt/zammad/app/controllers/sessions_controller.rb:95:in `failure_omniauth’

We had the same issue. Message 422, but accounts are linked.
We ignored this message and just called the login url. There was the login Button of O365.
image

Hi, we are experiencing the same issue, and yes, our users have a ‘day to day’ account, along with their admin accounts in office365. It’s unclear to me if this issue has ever been addressed? I’m new to the community so if I’ve missed something obvious I apologize for wasting time, it’s just hard to tie this support board with github issue queue and commits.

You had commented on issue https://github.com/zammad/zammad/issues/2617 which is the original issue to this problem. As far as I’m aware, to this point, it has not yet been adressed.