Microsoft 365 - New Teams - Login not working HTTP 400

Hello,
our users cannot authenticate in the New Teams App. We are always encountering an error HTTP 400.

We are using the Microsoft 365 Connector and Univention Single-Sign-On with a reverse proxy (nginx). If a user tries to log in to the New Teams App (from a non-domain-joined workstation), the user receives a Windows authentication prompt, and subsequently, an HTTP 400 Error occurs.

A login in the browser at office.com and the old Teams app is working flawlessly with the same account. Only the login with the internal Windows prompt in the new Teams app is not functioning.


Log of the Reverse-Proxy

[22/Feb/2024:18:45:29 +0000] - 200 200 - POST https login.falbk.schule "/univention/get/session-info" [Client 192.168.2.4] [Length 97] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "https://login.falbk.schule/univention/management/?header=try-hide&overview=false&menu=false"
[22/Feb/2024:18:45:29 +0000] - 200 200 - POST https login.falbk.schule "/univention/get/session-info" [Client 192.168.2.4] [Length 97] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "https://login.falbk.schule/univention/management/?header=try-hide&overview=false&menu=false"
[22/Feb/2024:18:45:30 +0000] - 200 200 - POST https login.falbk.schule "/univention/get/session-info" [Client 192.168.2.4] [Length 97] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "https://login.falbk.schule/univention/management/?header=try-hide&overview=false&menu=false"
[22/Feb/2024:18:45:30 +0000] - 200 200 - POST https login.falbk.schule "/univention/get/session-info" [Client 192.168.2.4] [Length 97] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "https://login.falbk.schule/univention/management/?header=try-hide&overview=false&menu=false"
[22/Feb/2024:18:45:31 +0000] - 200 200 - POST https login.falbk.schule "/univention/get/session-info" [Client 192.168.2.4] [Length 97] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "https://login.falbk.schule/univention/management/?header=try-hide&overview=false&menu=false"
[22/Feb/2024:18:46:44 +0000] - 400 400 - POST https login.falbk.schule "/simplesamlphp/saml2/idp/SSOService.php" [Client 37.201.229.215] [Length 6015] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045" "https://login.microsoftonline.com/organizations/oauth2/authorize?response_type=code&client_id=XXXXXX&redirect_uri=ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%XXXXXX&add_account=multiple&scope=profile+https%3a%2f%2fapi.spaces.skype.com%2f.default+offline_access+openid&prompt=login&login_hint=XXXXX%40falbk.schule&response_mode=form_post&wam_compat=2.0&x-client-SKU=MSAL.xplat.Win32&x-client-Ver=1.1.0%2b00747db6&x-client-OS=10.0.19041.3636&x-client-src-SKU=MSAL.xplat.Win32&mkt=de-de&windows_api_version=2.0.1&sso_nonce=XXXXXXrequest-id=XXXXXX"
[22/Feb/2024:18:46:44 +0000] - - 499 - GET https login.falbk.schule "/univention/js/dijit/themes/umc/umc.css" [Client 37.201.229.215] [Length 0] [Gzip -] [Sent-to backup1.internal.falbk.schule] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045" "https://login.falbk.schule/simplesamlphp/saml2/idp/SSOService.php"

Is anyone else experiencing these issues, and are there any tips for troubleshooting?


After migrating and switching SSO to Keycloak, the problem seems to be solved. Now I get a logon screen instead of error 404.
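
A way to triage a proxy log like the one in the question, added here as an example and not taken from the thread: it lists error responses on the SimpleSAMLphp endpoints and records whether the status came from the backend, whether the client was the embedded WebView, and which redirect scheme and client SKU the referring authorize request carried. The field order in the regex is an assumption inferred from the posted lines, and the sample lines are constructed with placeholder hosts and addresses.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Field order is an assumption inferred from the log lines in the post:
# [time] cache upstream_status status - METHOD scheme host "uri" [Client ip] ... "UA" "referer"
LINE_RE = re.compile(
    r'\[(?P<time>[^\]]+)\] \S+ (?P<upstream>\S+) (?P<status>\S+) - '
    r'\S+ \S+ \S+ "(?P<uri>[^"]*)" \[Client [^\]]+\].*? '
    r'"(?P<ua>[^"]*)" "(?P<referer>[^"]*)"$'
)

def failed_sso_requests(lines, path_prefix="/simplesamlphp/"):
    """Summarise every 4xx/5xx response logged for the SAML IdP endpoints."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["uri"].startswith(path_prefix):
            continue
        if not m["status"].isdigit() or int(m["status"]) < 400:
            continue
        referer = urlsplit(m["referer"])
        query = parse_qs(referer.query)
        findings.append({
            "time": m["time"],
            "status": int(m["status"]),
            # Same upstream and final status: the backend answered, not the proxy.
            "from_backend": m["upstream"] == m["status"],
            "embedded_webview": "WebView/" in m["ua"],
            "referer_host": referer.hostname,
            "client_sku": query.get("x-client-SKU", [None])[0],
            "redirect_scheme": urlsplit(query.get("redirect_uri", [""])[0]).scheme or None,
        })
    return findings

# Constructed sample lines (hostnames, addresses and IDs are placeholders).
_TAIL = '[Length 0] [Gzip -] [Sent-to idp.internal.example.org]'
_WEBVIEW = ('"Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 '
            '(KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045"')
SAMPLE = [
    f'[22/Feb/2024:18:45:29 +0000] - 200 200 - POST https login.example.org '
    f'"/univention/get/session-info" [Client 192.0.2.4] {_TAIL} "Mozilla/5.0 Firefox/122.0" "-"',
    f'[22/Feb/2024:18:46:44 +0000] - 400 400 - POST https login.example.org '
    f'"/simplesamlphp/saml2/idp/SSOService.php" [Client 198.51.100.7] {_TAIL} {_WEBVIEW} '
    '"https://login.microsoftonline.com/organizations/oauth2/authorize?response_type=code'
    '&redirect_uri=ms-appx-web%3a%2f%2fMicrosoft.AAD.BrokerPlugin%2fPLACEHOLDER'
    '&x-client-SKU=MSAL.xplat.Win32"',
    f'[22/Feb/2024:18:46:44 +0000] - - 499 - GET https login.example.org '
    f'"/univention/js/dijit/themes/umc/umc.css" [Client 198.51.100.7] {_TAIL} {_WEBVIEW} "-"',
]
```

Calling `failed_sso_requests(SAMPLE)` returns a single finding for the SSOService.php request; comparing such findings against successful browser logins in the same log shows which client properties differ.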
