O365Interactive authentication apparently succeeds, but hangs afterward

Brought to you by: mguessan

#355 O365Interactive authentication apparently succeeds, but hangs afterward

Milestone: v5.2.0

Status: closed

Owner: nobody

Labels: None

Priority: 5

Updated: 2019-06-19

Created: 2019-05-28

Creator: Bryan Wright

Private: No

I'm using davmail 5.2.0-2961-1 under Ubuntu 18.04 with Thunderbird. Davmail is set for O365Interactive authentication. Java is openjdk-11-jre version 11.0.3. When I tell Thunderbird to check for mail, davmail pops up a java web browser window that takes me through the steps of my institutions MFA authentication (we're using Duo). After accepting the login with my phone, however, the popup window just goes blank and stays there. Eventually, Thunderbird says that authentication timed out.

Discussion

Mickael Guessant - 2019-06-03

Ok, there is probably something special with Duo MFA, I don't have an instance to check this.

You may want to try the new experimental manual authenticator, see:
https://sourceforge.net/p/davmail/discussion/644057/thread/553689497b/?limit=25

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Mickael Guessant - 2019-06-04

Additional note: the blank window is related to an OpenJFX bug. I harcoded a workaround for native Microsoft and Okta cases, would need more details on Duo authentication to investigate.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bryan Wright - 2019-06-12

Thanks for your advice. Apologies for not getting back to this sooner. It turns out that the problem was solved by just entering the client ID in the davmail configuration. I was surprised because the behavior under CentOS 7 is different: there, if you don't enter the client ID you get a message like the attached image. Now I have davmail running successfully under both CentOS 7 and Ubuntu 18.04. Thanks for creating it. I'm still struggling with Windows 10, but I'll start a new thread for that.

davmail-admin-request.png

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Mickael Guessant - 2019-06-13

Without a custom clientId DavMail uses DavMail application clientId (created by me on Microsoft registration page). This will not work when O365 admins block custom applications.

However clientId is just a client side parameter => you can use any allowed clientId instead.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bryan Wright - 2019-06-13

Our local admins created an application ID for davmail, so that's what I'm using. So far, it's working great. Thanks so much for creating it.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Mickael Guessant - 2019-06-19

Great, that's the right way to allow application access to your tenant.

Closing issue

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Mickael Guessant - 2019-06-19

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.