Created attachment 138027 [details] requests/responses between ews resource and exchange SUMMARY After the company I work for turned on HMA on on-premise Exchange I can't make the EWS resource to connect, it just keeps failing with 400 Bad Request. HMA description: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-hybrid-modern-authentication-for-exchange-on-premises/ba-p/607476 Intercepted HTTP traffic between EWS client and Exchange attached. I've tried playing with second request's headers and paylod via curl but had no luck. SOFTWARE/OS VERSIONS KDE Apps: 21.04 KDE Plasma Version: 5.21.4 KDE Frameworks Version: 5.81.0 Qt Version: 5.15.2
Looking at the logs it seems that Akonadi EWS is requesting the token for the O365 server (outlook.office.com). This is fine for hosted Exchange. What your on-premise Exchange expects is a token for outlook.mycompany.com, hence it complains. This address is currently hard-coded inside Akonadi EWS, so it's a bug - it should be derived from the server url or at least it should be configurable somehow. As a workaround you can try to compile your own Akonadi EWS version - just find the ewsoauth.cpp file and in the o365Resource variable put the URL of your on-premise instance. This should get you going until I fix this.
Thanks Krzysztof, the workaround helped! However, even with this hack, the EWS resource disconnects sporadically and has to be restart several times via akonadiconsole to reconnect. I'll try to gather some more logs next time if fails (that's really a pain as I've to intercept all traffic with mitmproxy).