Bug 436403 - Cannot connect to Exchange with Hybrid Modern Authentication enabled
Status: CONFIRMED
Alias: None
Product: Akonadi
Classification: Frameworks and Libraries
Component: EWS Resource
Version: GIT (master)
Platform: Manjaro Linux
Importance: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2021-04-30 14:06 UTC by Pavel
Modified: 2021-05-07 16:34 UTC

Attachments
requests/responses between ews resource and exchange (8.43 KB, text/plain)
2021-04-30 14:06 UTC, Pavel

Description Pavel 2021-04-30 14:06:05 UTC
Created attachment 138027
requests/responses between ews resource and exchange

SUMMARY

After the company I work for turned on HMA on on-premise Exchange, I can't get the EWS resource to connect; it just keeps failing with 400 Bad Request.
HMA description: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-hybrid-modern-authentication-for-exchange-on-premises/ba-p/607476

Intercepted HTTP traffic between EWS client and Exchange attached.

I've tried playing with the second request's headers and payload via curl but had no luck.

SOFTWARE/OS VERSIONS
KDE Apps: 21.04
KDE Plasma Version: 5.21.4
KDE Frameworks Version: 5.81.0
Qt Version: 5.15.2
Comment 1 Krzysztof Nowicki 2021-04-30 14:35:50 UTC
Looking at the logs it seems that Akonadi EWS is requesting the token for the O365 server (outlook.office.com). This is fine for hosted Exchange. What your on-premise Exchange expects is a token for outlook.mycompany.com, hence it complains.

This address is currently hard-coded inside Akonadi EWS, so it's a bug - it should be derived from the server url or at least it should be configurable somehow.

As a workaround you can try to compile your own Akonadi EWS version - just find the ewsoauth.cpp file and in the o365Resource variable put the URL of your on-premise instance. This should get you going until I fix this.
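
The mismatch described in the comment above can be confirmed from an intercepted access token by reading its `aud` claim. The following is an added diagnostic example, not part of the comment and not Akonadi code. It assumes that the expected resource is `https://` plus the host of the EWS endpoint; the helper names and sample tokens are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audience(jwt: str) -> str:
    """Return the 'aud' claim without verifying the signature (diagnostic only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    aud = json.loads(b64url_decode(parts[1])).get("aud")
    if not isinstance(aud, str):
        raise ValueError("token has no string 'aud' claim")
    return aud


def resource_for(ews_url: str) -> str:
    # Assumption: the resource the server expects is scheme://host of its EWS URL.
    u = urlsplit(ews_url)
    if u.scheme != "https" or not u.hostname:
        raise ValueError("EWS URL must be an https URL with a host")
    return f"https://{u.hostname}"


def _norm(uri: str) -> str:
    return uri.rstrip("/").lower()


def audience_matches(jwt: str, ews_url: str) -> bool:
    return _norm(token_audience(jwt)) == _norm(resource_for(ews_url))


def make_sample_token(aud: str) -> str:
    # Constructed, unsigned token used only to exercise the check offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc({'aud': aud})}.sig"


if __name__ == "__main__":
    ews = "https://outlook.mycompany.com/EWS/Exchange.asmx"
    for aud in ("https://outlook.office.com", "https://outlook.mycompany.com"):
        ok = audience_matches(make_sample_token(aud), ews)
        print(f"aud={aud!r} expected={resource_for(ews)!r} match={ok}")
```
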
Comment 2 Pavel 2021-05-07 16:34:02 UTC
Thanks Krzysztof, the workaround helped!

However, even with this hack, the EWS resource disconnects sporadically and has to be restarted several times via akonadiconsole to reconnect. I'll try to gather some more logs next time it fails (that's really a pain as I have to intercept all traffic with mitmproxy).