Uploaded image for project: 'Atlassian Product Integrations'
  1. Atlassian Product Integrations
  2. API-629

Getting "AUTHENTICATION_FAILED" when using Exchange 2016 CU 23

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Low Low
    • None
    • 1.0
    • Jira Cloud for Outlook
    • None
    • Severity 3 - Minor

      Issue Summary

      This is reproducible on Data Center: No

      Steps to Reproduce

      1. Install the Jira Outlook
      2. Launch the Outlook plugin

      Expected Results

      Prompt to link a Jira Cloud Site

      Actual Results

      The below exception pops up

      {
  "code": "AUTHENTICATION_FAILED",
  "message": "Cannot read properties of undefined (reading 'find')",
  "reqId": "46e36982-efb5-44d0-97e5-c33c2c813df0"
}

      Workaround

      None

            [API-629] Getting "AUTHENTICATION_FAILED" when using Exchange 2016 CU 23

            Vitalii Saienko (Inactive) added a comment -

            Hello 6e0a867595f9 

            Thanks for writing to us back.

            I'm not sure why the /autodiscover/metadata/json/1 endpoint is not documented on that page but it's mentioned on this page about validating the identity token which we deal with in Jira Cloud for Outlook add-in.

            Unfortunately, we do not control which Autodiscover URL to use from our side. The URL is provided securely in the identity token by Outlook and we read the URL from there.

            I'd suggest you reach out to Microsoft support if you have any other questions about Autodiscover URL. They can provide more information about Autodiscover URLs and how to set them up for Outlook add-ins to work properly. Please let me know if you had a chance to resolve this issue on your side.

            Vitalii Saienko (Inactive) added a comment - Hello 6e0a867595f9   Thanks for writing to us back. I'm not sure why the  /autodiscover/metadata/json/1 endpoint is not documented on that page but it's mentioned on this page about validating the identity token which we deal with in Jira Cloud for Outlook add-in. Unfortunately, we do not control which Autodiscover URL to use from our side. The URL is provided securely in the identity token by Outlook and we read the URL from there. I'd suggest you reach out to Microsoft support if you have any other questions about Autodiscover URL. They can provide more information about Autodiscover URLs and how to set them up for Outlook add-ins to work properly. Please let me know if you had a chance to resolve this issue on your side.

            EL OUFIR Sanae added a comment -

            Hello 

            According the official documentation of Microsoft for our Version Exchange 16 this Autodiscover Link is the following : https://learn.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019

            and not the one that you are sharing

            EL OUFIR Sanae added a comment - Hello  According the official documentation of Microsoft for our Version Exchange 16 this Autodiscover Link is the following : https://learn.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019 and not the one that you are sharing

            Vitalii Saienko (Inactive) added a comment -

            Hello,

            Unfortunately, https://autodiscover.leyton.com/Autodiscover/Autodiscover.xml won't work for us, we don't control which URL to use. The URL is coming from the Exchange identity token which we get from the Outlook client, we parse that URL from the token and then send a request to that URL to get the public key. Here's more about the token validation.

            The URL that the Exchange Identity token contains for your Exchange server is https://exchange.leyton.com:443/autodiscover/metadata/json/1.

            The payload should be pretty similar to this one https://outlook.office365.com/autodiscover/metadata/json/1. The URL should also respond with 200 HTTP status code.

            Vitalii Saienko (Inactive) added a comment - Hello, Unfortunately, https://autodiscover.leyton.com/Autodiscover/Autodiscover.xml won't work for us, we don't control which URL to use. The URL is coming from the Exchange identity token which we get from the Outlook client, we parse that URL from the token and then send a request to that URL to get the public key. Here's more about the token validation . The URL that the Exchange Identity token contains for your Exchange server is https://exchange.leyton.com:443/autodiscover/metadata/json/1 . The payload should be pretty similar to this one https://outlook.office365.com/autodiscover/metadata/json/1 . The URL should also respond with 200 HTTP status code.

            EL OUFIR Sanae added a comment -

            Hello

            we have already seen with our network administrator the only address to use is the one we have already sent.
            https://autodiscover.leyton.com/Autodiscover/Autodiscover.xml
            Have you been able to test it?

            EL OUFIR Sanae added a comment - Hello we have already seen with our network administrator the only address to use is the one we have already sent. https://autodiscover.leyton.com/Autodiscover/Autodiscover.xml Have you been able to test it?

            Vitalii Saienko (Inactive) added a comment -

            Hi 6e0a867595f9 

            The URL that should be publicly accessible is https://exchange.leyton.com:443/autodiscover/metadata/json/1. When I open it in the browser, I see the login page, so it's not accessible.

            Could you please talk to your network administrator so they could open this URL? Once it's done, the integration should start working.

            Vitalii Saienko (Inactive) added a comment - Hi 6e0a867595f9   The URL that should be publicly accessible is https://exchange.leyton.com:443/autodiscover/metadata/json/1 . When I open it in the browser, I see the login page, so it's not accessible. Could you please talk to your network administrator so they could open this URL? Once it's done, the integration should start working.

            EL OUFIR Sanae added a comment -

            Hello

            Please note that our problem is not yet solved we were waiting for the answer of our network administrator who was on vacation.

            Our Autodiscover address is:

            https://autodiscover.leyton.com/Autodiscover/Autodiscover.xml

            thanks in advance

            EL OUFIR Sanae added a comment - Hello Please note that our problem is not yet solved we were waiting for the answer of our network administrator who was on vacation. Our Autodiscover address is: https://autodiscover.leyton.com/Autodiscover/Autodiscover.xml thanks in advance

            Vitalii Saienko (Inactive) added a comment -

            Thank you, 6e0a867595f9, this helps. I verified it on our side, and seems like it doesn't work because of the misconfiguration of your Exchange server.

            The context of the problem

            Here are some technical details of what's going on.

            In order to secure the connections between Outlook and Jira Cloud for Outlook add-in, Outlook provides us with a token that we use to sign all requests coming to our server. This token allows us to verify that the request is coming from you and not some attacker. In order to verify this token on our side, we need to load a public key available at your Exchange server. The URL we use to download that public key is also known as Autodiscover URL. More details about token validation here.

            The reason the add-in doesn't work for you is that the Autodiscover URL of your Exchange server is not publically available and for that reason, we can't download the public key and verify the token.

            How to fix the problem?

            To make it work, your admins who manage the Exchange server, should make the Autodiscover URL either public or allow access to it from the IP addresses listed on this page (more specifically https://ip-ranges.atlassian.com).

            Because this issue is publically available, I can't share the exact URL which is blocked, otherwise I'd expose your company's site. The structure of the URL is the following:

            https://exchange.<your-company-domain>:443/autodiscover/metadata/json/1

            Here are more information about Autodiscover feature of Exchange server for your admins:

             

            Let me know if that helps.

            Vitalii Saienko (Inactive) added a comment - Thank you, 6e0a867595f9 , this helps. I verified it on our side, and seems like it doesn't work because of the misconfiguration of your Exchange server. The context of the problem Here are some technical details of what's going on. In order to secure the connections between Outlook and Jira Cloud for Outlook add-in, Outlook provides us with a token that we use to sign all requests coming to our server. This token allows us to verify that the request is coming from you and not some attacker. In order to verify this token on our side, we need to load a public key available at your Exchange server. The URL we use to download that public key is also known as Autodiscover URL. More details about token validation here . The reason the add-in doesn't work for you is that the Autodiscover URL of your Exchange server is not publically available and for that reason, we can't download the public key and verify the token. How to fix the problem? To make it work, your admins who manage the Exchange server, should make the Autodiscover URL either public or allow access to it from the IP addresses listed on this page (more specifically https://ip-ranges.atlassian.com ). Because this issue is publically available, I can't share the exact URL which is blocked, otherwise I'd expose your company's site. The structure of the URL is the following: https: //exchange.<your-company-domain>:443/autodiscover/metadata/json/1 Here are more information about Autodiscover feature of Exchange server for your admins: Autodiscover for Exchange Autodiscover service in Exchange Server   Let me know if that helps.

            EL OUFIR Sanae added a comment -

            here is another one from a colleague's house

            { "code": "AUTHENTICATION_FAILED", "message": "Failed to get public key", "reqId": "03938e03-539c-4f0f-95b0-896620cbb036" }

            EL OUFIR Sanae added a comment - here is another one from a colleague's house { "code": "AUTHENTICATION_FAILED", "message": "Failed to get public key", "reqId": "03938e03-539c-4f0f-95b0-896620cbb036" }

            EL OUFIR Sanae added a comment -

            for your information it doesn't work even from outside our domain

             

            EL OUFIR Sanae added a comment - for your information it doesn't work even from outside our domain  

            EL OUFIR Sanae added a comment -

            here is the reqId : 
            "reqId": "d986e58b-a397-4895-9440-2706490a3362"

            EL OUFIR Sanae added a comment - here is the reqId :  "reqId": "d986e58b-a397-4895-9440-2706490a3362"

              vsaienko Vitalii Saienko (Inactive)
              6e0a867595f9 EL OUFIR Sanae
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated: