Bug 46493 – Additional permissions required by azure app

Bug 46493 - Additional permissions required by azure app


Summary:	Additional permissions required by azure app

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Office 365
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3
Assigned To:	Daniel Tröder
QA Contact:	Erik Damrose

URL:
Keywords:	interim-3

Depends on:
Blocks:	46259 46496
	Show dependency tree / graph

Reported:	2018-03-05 15:00 CET by Erik Damrose
Modified:	2018-03-14 14:38 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.206
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Erik Damrose

2018-03-05 15:00:55 CET

When setting up a new office365 app in azure, it seems that since some time additional permissions are required.

New connections set up currently MUST follow this guide https://beuermann.azurewebsites.net/2017/09/07/fehler-authorization_requestdenied-in-azure-active-directory-beim-zugriff-ueber-graph-api/

to be able to finish the wizard.

Click path is: Azure Active Directory > App-Registrierungen > <name> > Einstellungen > Erforderliche Berechtigungen

Otherwise, an error will be logged by the wizard after the consent screen:


05.03.18 14:21:03.632  LISTENER    ( ERROR   ) : o365(D): azure_handler.call_api:183  GET https://graph.windows.net/35f78b54-b385-49e0-a28d-a22cf4f9ee6c/users?api-version=1.6 data: None
05.03.18 14:21:04.352  LISTENER    ( ERROR   ) : o365(I): azure_handler.call_api:214  status: 403 (FAIL) Code: Authorization_RequestDenied (GET https://graph.windows.net/35f78b54-b385-49e0-a28d-a22cf4f9ee6c/users?api-version=1.6)
05.03.18 14:21:04.353  LISTENER    ( ERROR   ) : o365(E): azure_handler.__init__:144  Insufficient privileges to complete the operation.
05.03.18 14:21:04.353  MODULE      ( PROCESS ) : Insufficient privileges to complete the operation.

Comment 1 Daniel Tröder

2018-03-05 20:28:11 CET

The steps required are described in text and pictures in the wizard now.

[4.3 96f95d7] Bug #46493: add instructions to wizard for additional permission granting step, Bug #45425: update texts and screenshots to guide through new Azure portal

Package: univention-office365
Version: 2.0.0-2A~4.3.0.201803052025
Branch: ucs_4.3-0
Scope: office365

Comment 2 Erik Damrose

2018-03-06 11:55:07 CET

OK: Screenshots and description
OK: present in current 4.3 test app center app

Comment 3 Stefan Gohmann

2018-03-14 14:38:37 CET

UCS 4.3 has been released:
 https://docs.software-univention.de/release-notes-4.3-0-en.html
 https://docs.software-univention.de/release-notes-4.3-0-de.html

If this error occurs again, please use "Clone This Bug".