EWS support for Office365 Azure MFA?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

EWS support for Office365 Azure MFA?

PJ Waskiewicz
Hi folks,

My employer is going to be turning on MFA for Office365 in the next
few months.  We have a relatively large Linux developer base, with
varying use cases for email.  Many of us use evolution with EWS
currently, and this will no longer work once MFA is enabled.

Are there plans to build in MFA support for evolution-ews?  I've
looked around various forums, and have found nothing.  If it's
something not in current plans, how does one go about requesting the
feature to be looked at?

Cheers,
-PJ Waskiewicz
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

Patrick O'Callaghan
On Mon, 2016-12-05 at 13:24 -0700, PJ Waskiewicz wrote:

> Hi folks,
>
> My employer is going to be turning on MFA for Office365 in the next
> few months.  We have a relatively large Linux developer base, with
> varying use cases for email.  Many of us use evolution with EWS
> currently, and this will no longer work once MFA is enabled.
>
> Are there plans to build in MFA support for evolution-ews?  I've
> looked around various forums, and have found nothing.  If it's
> something not in current plans, how does one go about requesting the
> feature to be looked at?

You might want to explain what MFA is. I for one have no idea.

poc
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

PJ Waskiewicz
On Mon, Dec 5, 2016 at 1:40 PM, Patrick O'Callaghan <[hidden email]> wrote:

> On Mon, 2016-12-05 at 13:24 -0700, PJ Waskiewicz wrote:
>> Hi folks,
>>
>> My employer is going to be turning on MFA for Office365 in the next
>> few months.  We have a relatively large Linux developer base, with
>> varying use cases for email.  Many of us use evolution with EWS
>> currently, and this will no longer work once MFA is enabled.
>>
>> Are there plans to build in MFA support for evolution-ews?  I've
>> looked around various forums, and have found nothing.  If it's
>> something not in current plans, how does one go about requesting the
>> feature to be looked at?
>
> You might want to explain what MFA is. I for one have no idea.

Hi Patrick,

Sorry about that.  MFA = Multi-factor authentication.  You would
provide your username and password like normal through EWS, but there
would be a second password you'd provide that would come from another
application, such as Google Authenticator, or MobilePass, or Duo, etc.
This can be an application running on your phone to generate the code,
you can have it send push requests to your phone, or the password can
come from an old-school token ID generator (like the old RSA tokens
used for VPNs, etc.).

Office365 has support to extend EWS to include MFA as part of the
login credentials.  Here's a link I found on the server side to
configure it for a user, to help better illustrate what this is:
https://support.office.com/en-us/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6

Basically I'm looking for any help if this extra authentication is
being considered for evolution-ews, or if it can be considered if it
currently isn't.

Any other questions, please let me know!

Cheers,
-PJ
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

Patrick O'Callaghan
On Mon, 2016-12-05 at 13:45 -0700, PJ Waskiewicz wrote:
> Sorry about that.  MFA = Multi-factor authentication.  You would
> provide your username and password like normal through EWS, but there
> would be a second password you'd provide that would come from another
> application, such as Google Authenticator, or MobilePass, or Duo, etc.
> This can be an application running on your phone to generate the code,
> you can have it send push requests to your phone, or the password can
> come from an old-school token ID generator (like the old RSA tokens
> used for VPNs, etc.).

OK. I've usually seen it written 2FA. I already have that with my Gmail
accounts, which I access from Evo using OAuth. If EWS supports OAuth
then I guess it should work, but Milan might be able to clear this up.

poc
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

PJ Waskiewicz
On Mon, Dec 5, 2016 at 3:27 PM, Patrick O'Callaghan <[hidden email]> wrote:

> On Mon, 2016-12-05 at 13:45 -0700, PJ Waskiewicz wrote:
>> Sorry about that.  MFA = Multi-factor authentication.  You would
>> provide your username and password like normal through EWS, but there
>> would be a second password you'd provide that would come from another
>> application, such as Google Authenticator, or MobilePass, or Duo, etc.
>> This can be an application running on your phone to generate the code,
>> you can have it send push requests to your phone, or the password can
>> come from an old-school token ID generator (like the old RSA tokens
>> used for VPNs, etc.).
>
> OK. I've usually seen it written 2FA. I already have that with my Gmail
> accounts, which I access from Evo using OAuth. If EWS supports OAuth
> then I guess it should work, but Milan might be able to clear this up.

Thanks for the reply.

It looks like EWS on Office365 supports Oauth:
https://msdn.microsoft.com/en-us/library/office/dn903761(v=exchg.150).aspx

Now to see if this will actually work...I'll see what Milan comes back
with though.

Thanks again for the replies and info.

Cheers,
-PJ
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

Milan Crha
On Mon, 2016-12-05 at 16:44 -0700, PJ Waskiewicz wrote:
> It looks like EWS on Office365 supports Oauth:
> https://msdn.microsoft.com/en-us/library/office/dn903761(v=exchg.150).aspx

        Hi,
there seem to be more and more services switching to/using OAuth(2),
being it for example Yahoo!, Google and now also Office365. The only
OAuth2 implementation directly in the evolution is for Google
currently. GNOME Online Accounts can do more, but I do not think they
support it for EWS (I do not know for sure). There would still be
required other changes on the evolution-ews side, to advertise proper
authentication method in the headers when talking to the server.

It's still doable, the Google OAuth2 implementation is the proof, but
it looks harder for the Office365. I didn't read the links you gave
thoroughly, thus it needs more investigation. One thing is that I do
not have any test account on the Office365, neither with the two-factor
authentication enabled, thus it's even harder to do anything with it.

We can start with a bug filling at:
https://bugzilla.gnome.org/enter_bug.cgi?product=evolution-ews&version=3.23.x&short_desc=Support%20OAuth%20authentication
but more coordination would be required to move it anywhere close
to the resolution.
        Bye,
        Milan
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

PJ Waskiewicz
Hi Milan,

On Tue, Dec 6, 2016 at 12:37 AM, Milan Crha <[hidden email]> wrote:

> On Mon, 2016-12-05 at 16:44 -0700, PJ Waskiewicz wrote:
>> It looks like EWS on Office365 supports Oauth:
>> https://msdn.microsoft.com/en-us/library/office/dn903761(v=exchg.150).aspx
>
>         Hi,
> there seem to be more and more services switching to/using OAuth(2),
> being it for example Yahoo!, Google and now also Office365. The only
> OAuth2 implementation directly in the evolution is for Google
> currently. GNOME Online Accounts can do more, but I do not think they
> support it for EWS (I do not know for sure). There would still be
> required other changes on the evolution-ews side, to advertise proper
> authentication method in the headers when talking to the server.
>
> It's still doable, the Google OAuth2 implementation is the proof, but
> it looks harder for the Office365. I didn't read the links you gave
> thoroughly, thus it needs more investigation. One thing is that I do
> not have any test account on the Office365, neither with the two-factor
> authentication enabled, thus it's even harder to do anything with it.

If I were able to secure you a test account with two-factor enabled,
would that help?  I'm not saying I can (I need to beg my IT
overlords), but they are motivated to help our Linux user base, so I
might have enough leverage to make it happen.

> We can start with a bug filling at:
> https://bugzilla.gnome.org/enter_bug.cgi?product=evolution-ews&version=3.23.x&short_desc=Support%20OAuth%20authentication
> but more coordination would be required to move it anywhere close
> to the resolution.

Thank you for the reply and interest, and opening the bug to track
this.  I'll see if I can get you access to an environment that would
enable development and testing, if you think it'd be useful.

Cheers,
-PJ
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

Milan Crha
On Tue, 2016-12-06 at 00:54 -0800, PJ Waskiewicz wrote:
> If I were able to secure you a test account with two-factor enabled,
> would that help?

        Hi,
yes, that would surely help. We can setup details in private, there's
nothing to be shared publicly for sure (definitely not login
credentials).

> Thank you for the reply and interest, and opening the bug to track
> this.

Actually, I didn't open a bug report for it. Clicking the link will
open a form to be filled with some prefilled values. I'd prefer if you
could open the bug report (it looks always better when I close bugs
filed by others, rather than filled by me).
        Thanks and bye,
        Milan
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

PJ Waskiewicz
On Tue, Dec 6, 2016 at 1:48 AM, Milan Crha <[hidden email]> wrote:
> On Tue, 2016-12-06 at 00:54 -0800, PJ Waskiewicz wrote:
>> If I were able to secure you a test account with two-factor enabled,
>> would that help?
>
>         Hi,
> yes, that would surely help. We can setup details in private, there's
> nothing to be shared publicly for sure (definitely not login
> credentials).

I'll connect with you from my work account offline in the event my IT
overlords are ok with carving out a test account.  I've already sent
off the request.

>> Thank you for the reply and interest, and opening the bug to track
>> this.
>
> Actually, I didn't open a bug report for it. Clicking the link will
> open a form to be filled with some prefilled values. I'd prefer if you
> could open the bug report (it looks always better when I close bugs
> filed by others, rather than filled by me).

And this is what I get for replying to emails really late at night,
and not checking links.  I'll go ahead and get the bug opened to track
it.  Thanks for the help!

Cheers,
-PJ
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: EWS support for Office365 Azure MFA?

PJ Waskiewicz
Hi Milan,

On Tue, Dec 6, 2016 at 1:54 AM, PJ Waskiewicz <[hidden email]> wrote:
> On Tue, Dec 6, 2016 at 1:48 AM, Milan Crha <[hidden email]> wrote:

[...]

> I'll connect with you from my work account offline in the event my IT
> overlords are ok with carving out a test account.  I've already sent
> off the request.
>
>>> Thank you for the reply and interest, and opening the bug to track
>>> this.
>>
>> Actually, I didn't open a bug report for it. Clicking the link will
>> open a form to be filled with some prefilled values. I'd prefer if you
>> could open the bug report (it looks always better when I close bugs
>> filed by others, rather than filled by me).
>
> And this is what I get for replying to emails really late at night,
> and not checking links.  I'll go ahead and get the bug opened to track
> it.  Thanks for the help!

I didn't forget about this.  We're working on getting an external
account and getting as many details of how this is going to get
deployed.  Once I have something that you can have for testing, I will
let you know.

-PJ
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Loading...