Problems activating Microsoft 365 Account

  • Used Zammad version: 5.3.1-1674057058.5f657f26.buster
  • Used Zammad installation type: package
  • Operating system: debian
  • Browser + version: Chrome - Version 109.0.5414.75 (Offizieller Build) (64-Bit)

Expected behavior:

  • By using “Add Account” i should be able to add an account

Actual behavior:

  • By using “Add Account” the login-screen appears, but the link offers a wrong client-id
    Our ID configured and visible in “configure-app” starts with e5d1f726

The Button “Add Account” shows an ID starting with 82f732a7

So it ends up with an error, that this app is not configured in our tenant

Looks like ZAMMAD didn’t replace the settings placed in “configure app” in system.

Hope someone could give me a hint ot fix this.

regards

Rico

Hi Rico,

What I ended up doing was copying that Callback URL that Zammad presented (Ihre Callback-URL in your picture) and I pasted that into the URI of the application in the app instance I made for Zammad in Azure.

Hope this helps

thx 4 the reply, but unfortunately this is not the problem.
The callback-URI is correct. And I think, the Azure-Settings are completely correct.
My problem is, that I can’t change the AppId-Settings in ZAMMAD.

Somewhere in the DB are old settings with another client-id and secret.
So it’s not possible to add a new account without clearing the old settings 1st.

But I don’t want to fiddle around into the db. Still in hope there’s another way to fix this.

Here the entries from the db-backup, created with zammed-backup.sh
Searched for the wrong ID and found this:

--
-- Data for Name: external_credentials; Type: TABLE DATA; Schema: public; Owner: -
--

COPY public.external_credentials (id, name, credentials, created_at, updated_at) FROM stdin;
2	microsoft365	--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nclient_id: 82f732a7-yyyy-xxxx-cccc-dddd\nclient_secret: aUn1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ncontroller: external_credentials\naction: app_verify\nprovider: microsoft365\n	2021-06-02 09:41:56.991	2021-06-02 09:41:56.991
1	microsoft365	---\nclient_id: e5d1f726-yyyy-xxxx-cccc-dddd\nclient_secret: FMQ8Q~xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nclient_tenant: ba0ed0dexxxxxxxxxxxxxxxxxxxxxxxxxxncontroller: external_credentials\naction: app_verify\nprovider: microsoft365\n	2021-06-02 09:26:45.062	2023-01-19 14:12:52.633
\.

So there is really an entry from an old test, over one year ago …

So which options are there to fix this?

SOLVED

I unzipped the DB-dump and replaced the old client-id, secret and tenant infos with the correct ones with nano.
After that I gzipped the *.psql and started a zammad-restore.
Restore was successfully and I finally could add the new account.

Dear future anon finding this thread
Please note that the marked answer in this thread is not a suggested way to do in Zammad.
Direct changes in your database may cause issues due to skipping data validation steps and can cause data corruption if unlucky.

Proceed with caution.

If the suggested way by changing the credentials in the web-interface would have worked as expected by me, I never had tried this :wink:

Changing credentials (given you’re doing that in the right place) does work as expected and without issues.
If you do have issues then you either didn’t have enough patience for me to answer or have a different error you may have overseen. The UI, rails console or API are always the way to go.

I agree … it was my missing patience :wink:

It looks like the credentials weren’t changed “as expected” in my case. Looks like the “app config” dialog added a second entry in the DB which was not used by “add account”.

You did change that within the Microsoft channel and it did add a second entry?
You did not accidently go to Security → Microsoft 365?

Exact! We tried to change it in the channels. But this didn’t change the “old” entry. It added a second one as seen in the snippet from the db-backup.
No entries under “security” set by me.
We don’t need the user-auth by O365.

I just checked this on a current stable installation and am unable to reproduce this.
Please make sure your instance is on the latest patch level.

In case you have custom changes, make sure that they’re not at fault.
If you want to make sure that you’re on a clean data state, you can use the following destructive command.

It will clear out all external credentials for microsoft365 stored in Zammad.
Proceed after having a backup, have your credentials at hand as you’ll have to re-add them. I have not verified what happens to the channels configured - you may need to reauthenticate them.

dangerzone

Run this destructive command in your rails console (Console — Zammad documentation)

ExternalCredential.where(name: 'microsoft365').destroy_all

1 Like

Took a snapshot from vm and tested it …
Works as described. All creds deleted.
After adding the app config again and re-auth the account all is working as expected.

tyvm for ur effort

1 Like

If you could check one last thing for me:

Changing the credentials back and forth should work as expected :slight_smile:

It works as expected.
Added some chars in client-id and submitted it.
“add account” shows the changes immediately.

1 Like