Basic authentication sign-in prompts are blocked by default in Microsoft 365 Apps

[mmundi72]

Our company is going to switch to Microsoft 365. Thus we are testing the Office integration with different application we are using and therefore also Redmine -> DMSF plugin.

DMSF: If a user clicks "Edit content" to edit the word or excel file the following warning is being shown by the Office client (sorry for the German screenshot):

This warning tells the user that basic authentication won't be supported in future Office versions!

Details concerning this can be found on the Microsoft Website: https://learn.microsoft.com/en-us/DeployOffice/security/basic-authentication-prompts-blocked

To open and edit an Office file is a very important feature of the DMSF plugin. Therefore it is important to make sure that this change in Microsoft 365 is also supported by the DMSF plugin.

[picman]

Any suggestion how to solve it on the server side?

[mmundi72]

We are trying to get some more information from Microsoft and maybe we come up with a solution or at least with some ideas.

[m9o7h]

Any update?

[mmundi72]

Our IT department is just rolling out the following Office version: Microsoft 365 Apps for Enterprise - Version 2402 (Build 17328.20282).

With this version it is no more possible to directly open and edit an office document from the browser. Office just shows an "Access denied" error.

The following workaround is still working, though: Map a WebDav drive to Redmine DMSF. From the Windows Explorer it is possible to open the document. Office shows an error but that can be ignored (just click cancel) - the document will be shown and can be edited. Saving is working.

Unfortunately we haven't received any useful information from Microsoft how this can be solved. They mention that all application need to support "Modern Authentiction":

Modern authentication enables authentication features like multi-factor authentication (MFA), smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0.

Best would be if DMSF would support OAuth 2.0 ???

[mmundi72]

@picman What about this Plugin to combine with DMSF for the Office integration? https://github.com/kontron/redmine_oauth

[picman]

Tell me how, I will do that...

[mmundi72]

I'm not a developer. We just have the issue that it's not working anymore with the latest Microsoft Office version.

[mmundi72]

A colleague sent me the following page as a tip regarding WebDAV authentication: https://www.webdavsystem.com/server/documentation/choosing_authentication

As I am not familiar with all the authentication stuff, I do not know, if that is of any help. Maybe it's possible to map a WebDAV drive to DMSF using MS-OFBA (or mixed authentication as mentioned at the end of the page). Responsble for this is the WebDAV server (=DMSF).

[picman]

I'm about implementing Digest authentication. Do you have any information that the new Microsoft 365 wouldn't support it?

[mmundi72]

No, unfortunately not. Microsoft just says, that Basic Authentication is not supported anymore...

[picman]

I've added a support for Digest authentication. How it works:

1. Switch to Digest authentication in plugin's settings.
2. Generate DMSF WebDAV digest in My account.
3. Use your Redmine credentials to log in from a WebDAV client. I've tested Gnome/Files, Cadaver, Microsoft Windows 10 and Microsoft Office 14 Could you test the devel branch with Microsoft 365 Apps?

[picman]

I think that we could a bit simplify the process for users by generating/updating user's digest after a successful login to Redmine. What do you think?

[picman]

In general I think that it's a good idea, so I have done so. After a successful login to Redmine using login and password, a user's digist is automatically generated/updated.