New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO via ADFS 2016 #1250
Comments
The certificate which is used for your adfs domain you specified in the generic oauth settings could not be verified. Maybe it's self signed? |
All certificates within the company are issued by our internal Root CA. How can i add this trust? |
@martini we had this before but I can't find it. Can you help? |
Any idea on how to get this working? What part of zammad do we have to edit? |
Hi @sschroll - you might want to take a look at these two issues: There are different ways to handle OAuth2 results and it seems yours is currently not supported. We managed to get a workaround as described in these issues but it's currently not implemented as a general solution. There is an open issue to address this but we are currently working on other features. Hope it helps. 🤞 |
Any chance we can reproduce this somewhere/somehow? |
No feedback in more than two weeks -> closing. Feel free to provide further information. |
Infos:
Hi there :)
i know there are some open/closed Issues regarding ADFS and zammad but these are regarding the "old" ADFS 2012r2 und SAML. The new ADFS now supports OAUTH2:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-oauth-confidential-clients-with-ad-fs-2016
So i followed the instructions and created an Application Group:
With this Information I filled in the Zammad "Authentication via Generic OAuth2"
Now when I try to logon I get the following "Error-message" with the following Error in "/home/zammad/log/production.log"
/home/zammad/log #
So the problem seems to be "certificate verify failed". The question is which cert?
Thanks for any help :)
Best regards from Nürnberg,
Sebastian
The text was updated successfully, but these errors were encountered: