Bug 389369 - Can't Authenticate to Office 365
Summary: Can't Authenticate to Office 365
Status: RESOLVED DUPLICATE of bug 393002
Alias: None
Product: Akonadi
Classification: Frameworks and Libraries
Component: EWS Resource (show other bugs)
Version: 5.7.2
Platform: Archlinux Linux
: NOR normal (vote)
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-24 12:38 UTC by Emre
Modified: 2018-05-01 08:56 UTC (History)
6 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments
Akonadi Ews http tracing (11.98 KB, text/plain)
2018-01-24 14:20 UTC, Emre
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Emre 2018-01-24 12:38:36 UTC
I'm giving a try to use Kmail instead of Evolution in my work setup. Our company uses Office 365. Evolution is able to connect to
     https://outlook.office365.com/EWS/Exchange.asmx
and access the mailbox with "basic" authentication, using email address as username and a special app password (otherwise we have OAUTH dual factor authentication). Same for the AquaMail app on my Android, both using EWS.

However, akonadi-ews can't connect, throws unable to connect errors, "offline" or "401" errors.

I tried adding DOMAIN field, keeping it empty, etc, it didn't make any difference. I also selected and deselected NTLMv2, no difference. I added the following to .config/QtProject/qtlogging.ini to have more details but my system does not have any .xsession-errors file (using KDE on GDM)
   [rules]
   kf5.kio.kio_http.auth=true

Here's the error I have in the system journal, email address changed for privacy.

kiod5[6190]: org.kde.kio.kpasswdserver: User = "" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "emre.emre@company.com" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "emre.emre@company.com" , WindowId = 0 seqNr = 2 , errorMsg = "<NoAuthPrompt>"
kiod5[6190]: org.kde.kio.kpasswdserver: key= "https-emre.emre@company.com@outlook.office365.com:-1" , user= "emre.emre@company.com" se
kiod5[6190]: org.kde.kio.kpasswdserver: key= "https-emre.emre@company.com@outlook.office365.com:-1"
akonadi_ews_resource[6733]: org.kde.pim.ews.client: Failed to process EWS request - HTTP code 401
kiod5[6190]: org.kde.kio.kpasswdserver: User = "" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "emre.emre@company.com" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "emre.emre@company.com" , WindowId = 0 seqNr = 0 , errorMsg = "<NoAuthPrompt>"
kiod5[6190]: org.kde.kio.kpasswdserver: key= "https-emre.emre@company.com@outlook.office365.com:-1" , user= "emre.emre@company.com" se
kiod5[6190]: org.kde.kio.kpasswdserver: key= "https-emre.emre@company.com@outlook.office365.com:-1"
akonadi_ews_resource[6733]: org.kde.pim.ews.client: Failed to process EWS request - HTTP code 401
akonadi_ews_resource[6733]: org.kde.pim.ews.client: Failed to process EWS request - HTTP code 401
 kiod5[6190]: org.kde.kio.kpasswdserver: User = "" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "emre.emre@company.com" , WindowId = 0
kiod5[6190]: org.kde.kio.kpasswdserver: User = "emre.emre@company.com" , WindowId = 0 seqNr = 4 , errorMsg = "<NoAuthPrompt>"
kiod5[6190]: org.kde.kio.kpasswdserver: key= "https-emre.emre@company.com@outlook.office365.com:-1" , user= "emre.emre@company.com" se
kiod5[6190]: org.kde.kio.kpasswdserver: key= "https-emre.emre@company.com@outlook.office365.com:-1"
akonadi_ews_resource[6733]: org.kde.pim.ews.client: Failed to process EWS request - HTTP code 401
akonadi_ews_resource[6733]: ERROR "Failed to process EWS request - HTTP code 401"
Comment 1 Emre 2018-01-24 12:39:23 UTC
My system is an up to date Arch linux x64. As stated, Evolution is working perfectly fine on this setup.
Comment 2 Emre 2018-01-24 14:20:10 UTC
Created attachment 110092 [details]
Akonadi Ews http tracing
Comment 3 Emre 2018-01-24 14:21:14 UTC
Managed to get the http debugging on and attached the trace. Looks like it fails first, then tries Basic Auth, succeeds with a HTTP 200 OK response. Then fails again with 401.
Comment 4 Emre 2018-02-13 20:41:42 UTC
Tested on 5.7.2 as well, same result :(
Comment 5 Emre 2018-03-05 19:57:28 UTC
I progressed a bit and explained the issue here as well:
https://github.com/KrissN/akonadi-ews/issues/48

Basically, there's a disconnect between Akonadi-Ews resource and the Kwallet. EWS resource does not save the password to KWallet and then can't find it, resulting in different types of connection errors.

I managed to overcome it by manually entering the password to kwallet, either using kwalletmanager or by qdbus command like below:

qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_6 /Settings org.kde.Akonadi.Ews.Wallet.setPassword "my_app_password"

I had to re-create the account and enter the password again btw, to make folders visible in Kmail, that could be subject to another bug. (folders were visible inside the akonadi server subscriptions dialog)
Comment 6 Christian 2018-05-01 08:56:25 UTC
Probably a duplicate of bug 393002

*** This bug has been marked as a duplicate of bug 393002 ***