EmailTemplates Module with AzureAD Error

1
I recently upgraded the EmailTemplates module in an app to the latest version and I am having trouble getting Azure AD authentication to work.

I followed the steps here to configure Azure AD authentication for this app: https://docs.mendix.com/appstore/modules/email-with-templates/#configure-azure-ad

After doing this, I tried to set up an email configuration and authenticate it with Azure AD. I was prompted for my username and password, asked to consent to the app using my account information and then received this page:

The logs show this error

Any suggestions for troubleshooting and resolving this error would be much appreciated!
asked
1 answers
0

And you all made sure that the callback URL as defined when setting up the account is the same as the one you have provided in your app registration in Azure? From the screenshot it is hard to see what the callback URL was.

Regards,

Ronald

answered
0

We had a similar issue to this ourselves and the ultimate cause was a SameSite cookie being set to Strict.

Mendix support suggested that ...

  • In Mendix, the session cookies are marked by default as SameSite=Strict. Those cookies will not be sent when cross-site redirection happens, which results in a null session in the Java action during the OAuth flow.
  • A quick fix is using Runtime Customization as com.mendix.core.SameSiteCookies=Lax. Setting SameSite to Lax will allow the browser to send session-related cookies, even when cross-site redirection occurs (only when the user is navigating to the origin).
  • It is worth mentioning that Mendix recommends the SameSite attribute value Strict to prevent CSRF attacks. However, setting it to Lax will still prevent CSRF (up to some extent).


Further Issue
We had a subsequent issue where our Azure username and email address differed, e.g. username@email.com and emailaddress@email.com.
When the OAuth authenticate receives the payload, it takes the email address and overwrites the EmailSettings.UserName. Then, when trying to send a test email, it will use the email address as the user name. (2 options to fix this: change the Azure emailaddress to the username, or hack the EmailTemplates module to set it appropriately.)

As Ronald mentioned within the comments, which initially caught us before this issue:

  • Check that the callback matches what is in Azure.
  • Leave signin_et/ alone
answered
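
The SameSite behaviour described in the answer above, as an added example that is not part of the original posts or of the EmailTemplates module: a simplified model of the browser's decision to attach a session cookie. The hostnames, paths and request set are constructed placeholders, and "site" is approximated as scheme plus the last two host labels.

```javascript
// Added illustration: simplified model of a browser's SameSite cookie decision.
// Assumption: "site" = scheme + last two host labels; real browsers use the
// Public Suffix List. All URLs below are constructed placeholders.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// True if a cookie with this SameSite value is attached to the request.
function cookieIsSent(sameSite, req) {
  if (siteOf(req.initiator) === siteOf(req.target)) return true; // same-site
  switch (sameSite) {
    case "Strict":
      return false; // never sent on a cross-site request
    case "Lax":
      // cross-site: only top-level navigations that use a safe method
      return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    default:
      throw new Error("unsupported SameSite value: " + sameSite);
  }
}

const APP = "https://myapp.example.com"; // placeholder app origin
const REQUESTS = {
  // Identity provider redirects the browser back to the app's callback URL.
  oauthCallback: { initiator: "https://login.microsoftonline.com/",
    target: APP + "/callback-placeholder?code=PLACEHOLDER",
    method: "GET", topLevelNavigation: true },
  // Form on an unrelated site auto-submits a state-changing POST to the app.
  crossSiteFormPost: { initiator: "https://other-site.example.net/",
    target: APP + "/change-placeholder", method: "POST", topLevelNavigation: true },
  // Unrelated site embeds an app URL as an image or iframe.
  crossSiteSubresource: { initiator: "https://other-site.example.net/",
    target: APP + "/page-placeholder", method: "GET", topLevelNavigation: false },
  // Ordinary navigation inside the app itself.
  inAppNavigation: { initiator: APP + "/index.html",
    target: APP + "/page-placeholder", method: "GET", topLevelNavigation: true },
};

// Evaluate every constructed request for one SameSite setting.
function evaluate(sameSite) {
  const out = {};
  for (const [name, req] of Object.entries(REQUESTS)) out[name] = cookieIsSent(sameSite, req);
  return out;
}

console.log("Strict:", evaluate("Strict"));
console.log("Lax:   ", evaluate("Lax"));
```

With Strict the callback arrives without the session cookie, which matches the null session in the answer; with Lax the callback carries it while the cross-site POST and subresource requests still do not.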