cancel
Showing results for 
Search instead for 
Did you mean: 

O365 OAuth connection failed due to missing SSL module

TaigaWoods
Contributor

Dear all,

we are about to change the O365 login from "Basic Authentication" (Username/Password) to "OAuth".

I've run the get-py.ps1 from "Python for CEM" directory and then installed the VU with "Python for CEM" software.

I also got the Client ID, Tenant ID and a secret, so that I can configure the E-Mail settings in IA.

All is done (I think it's all correct) but in CEM logs I get ERR (error) messages.

(07736/Sm3:ChannelPeriodicTaskSM) TRC> MS365SessionServer.start_session : 'Server': 'https://login.microsoftonline.com/<tenant-id>', 'Account': '<user>@<domain>.com', 'ClientID': '<client ID>', 'Secret': '...'
(07736/Sm3:ChannelPeriodicTaskSM) DBG> MS365SessionServer.start_session : ConfidentialClientApplication params : 'clientId': '<client ID>', 'Authority': 'https://login.microsoftonline.com/<tenant-id>', 'Proxies': None
(07736/Sm3:ChannelPeriodicTaskSM) ERR> [EXC] : MS365SessionServer.start_session : Failed to create ConfidentialClientApplication
(07736/Sm3:ChannelPeriodicTaskSM) ERR> <class 'requests.exceptions.SSLError'> : HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /<tenant-id>/v2.0/.well-known/openid-configuration (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available."))
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: D:\CodeCommit\Jenkins\cc365-master\src\CEM\Python\Office365Mail.py ( 519) Func: start_session <>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\msal\application.py ( 197) Func: __init__ <self.authority = Authority(>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\msal\authority.py ( 83) Func: __init__ <openid_config = tenant_discovery(>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\msal\authority.py ( 141) Func: tenant_discovery <resp = http_client.get(tenant_discovery_endpoint, **kwargs)>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\requests\sessions.py ( 543) Func: get <return self.request('GET', url, **kwargs)>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\requests\sessions.py ( 530) Func: request <resp = self.send(prep, **send_kwargs)>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\requests\sessions.py ( 643) Func: send <r = adapter.send(request, **kwargs)>
(07736/Sm3:ChannelPeriodicTaskSM) ERR> File: E:\SAP\BCM\VU\DEV_CoreRouter_1\python\BuiltIn\lib\site-packages\requests\adapters.py ( 514) Func: send <raise SSLError(e, request=request)>

 

It's pretty strange that CEM is trying to access an folder outside of the installation directory at "D:\CodeCommit\Jenkins\..."

 

From CCtr server itself I can access the url

https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration

in a browser without any problem

 

@Sinch:
I've tried to access https://jira.digitalinterconnect.com/servicedesk/customer/portal/35 to create an incident but I get an "504 Gateway Time-out" response.

 

Does any one else has successfully setup O365 with OAuth at Sinch CCtr on-prem 7.0.18.0 ?

 

BR, Taiga

1 REPLY 1

Jukka
Employee
Employee

Hi, 

There were an issue last week with our ticket system which should be fixed now. Please try to create a ticket now. 

 

The error where you see CEM trying to access d:\codecommit\... is something that comes from our technical implementation and you should not worry about that. You can consider that message as indication that there is an issue in code or a configuration problem. Most important for support to troubleshoot is line above that. 

 

****

Then access to O365 topic: the integration requires SSL libraries, which are not delivered in software package due to shipping limitations. In practice these are python modules and that's the reason you need to bring your own Python. Also you should no compare access between browser and Contact Pro because both are using totally different methods for SSL connections (browsers uses what OS provides, Contact Pro goes via Python modules). 

 

Based on the error message in the log I would say that Contact Pro and O365 cannot agree about used encryption format and that's why the connection doesn't work. Or another option is that the Python you have installed is not in use, the Python system uses is printed on top of the log file. Please check that. 

 

Anyways, would recommend to continue this discussion at support ticket side as we definitely need more information that can be classifies as confidential. 

And yes, we do have onprem customers who have succeeded with O365 integration.

 

BR,
Jukka