Univention Bugzilla – Bug 50739
[O365] Setup wizard can currently not be completed
Last modified: 2020-09-03 11:47:27 CEST
Created attachment 10283: Screenshot of authorization page
One step in the O365 Setup wizard is to explicitly confirm the permissions requested by the app. This is done at the Azure web interface and requires a user logged into the Azure portal with permissions to authorize the app permissions. The browser should be redirected to the reply URL given to the Azure App setup in an earlier step, e.g. https://FQDN/univention/command/office365/authorize. However, the browser never gets redirected (I inspected the browser network requests), but the Azure authorization form reappears, see example screenshot. The o365 connector never gets the required information how to start the synchronization, which would be in the POST request to the reply URL. Initialization of a new connection cannot be completed.
Maybe additional permissions have to be set in Azure or given to the admin user. The Azure logs show the following error when trying to authorize the app:
Sign-in error code: 65001
Failure reason: Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.
Reported again
This is sort of an "API change" by Microsoft. I suggest that any user who faces this issue open a support ticket at Microsoft.
see also https://help.univention.com/t/14258
We received a report from one customer that the setup of an Azure AD connection could be completed successfully today. We could verify this internally; we could also set up a new connection in our test environment. Users currently facing this issue are encouraged to try it in their environment as well. We are waiting for an official response from Microsoft before considering this issue as resolved.
Microsoft support confirmed that an issue with granting permissions when setting up Azure apps has been resolved. The issue is considered resolved. If there are still issues, please contact Univention support.
Created attachment 10291: Patch to use a shared secret for o365 app setup
The attached patch was a first step to complete the app setup with a shared secret instead of a certificate. This would need more cleanup of deprecated functions. In addition, the wizard would have to be adapted.
Issue has been fixed by Microsoft. Nothing to do on our side. → VERIFIED