Epilogue
Today I wasted about 4h figuring out why I couldn't log in to https://outlook.office.com or https://outlook.office365.com, nor connect to https://outlook.office365.com/ecp or its new version, https://admin.exchange.microsoft.com/.
The latter two at least let me in from time to time, independent of browser and computer... even on Linux I was rejected or not... absolutely erratic. Same with the user experience URIs, which did work - same browsers as on my Windows device - at least under Linux.
I tried many of the things the web was willing to offer when searching it and was close to giving up. I even turned off all security measures and started good old Wireshark, but nothing really led me to the solution - which I will not keep from you any longer :)
A Solution
When I set up O365 I was not happy with just adding some roles to my account, so I added all roles - why not; for setup I didn't want to fall short, nor did I want to be the Global Administrator before establishing MFA.
I then found
We have a similar issue where user may receive redirect error when trying to sign in Outlook. The potential cause is: When there are too many roles that the user belongs to, the size of JWT token is bigger than 4K. OWA reuses JWT token data for OpenId Connect authentication. Because of the JWT size, the overall cookie length exceeds 4K, some browsers may not set the cookie.
For this case, please kindly confirm with your admin, try to sign in to Office 365 admin center to check all roles you already own and remove the unneeded roles. If you’re Office 365 global admin, in admin center, check current roles assigned to you and unassign all the other admin roles in the M365 admin center. Wait for a while for changes to take effect and test issue again.
at Microsoft Answers: Repeating redirects detected. Scroll down; I have already cited the last answer above. However, you might want to thank Anna Ma MSFT for this solution if it helps you overcome the issue described here - I did so, and herewith do so again:
Thank you Anna Ma MSFT.
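The size effect described in the quoted answer, as an added example (not code from the original post or from Microsoft): it builds JWT-shaped tokens with a growing list of role entries and checks when a cookie carrying the token passes 4096 bytes. The cookie name `SampleAuth`, the `roles` claim layout, the GUID-like values and the choice to measure name plus value are assumptions made for the illustration.

```javascript
// Added example with constructed data; not the real OWA cookie or token layout.
const COOKIE_LIMIT = 4096; // bytes, the "4K" from the quoted answer (name + value)

// base64url without padding, as used for JWT segments
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Build an unsigned JWT-shaped string with `roleCount` GUID-like role entries.
function buildSampleToken(roleCount) {
  const roles = Array.from({ length: roleCount }, (_, i) =>
    `00000000-0000-4000-8000-${String(i).padStart(12, "0")}`);
  const header = { alg: "none", typ: "JWT" };
  const payload = { sub: "user@example.invalid", roles };
  return `${b64url(header)}.${b64url(payload)}.`;
}

// Decode the payload segment and count the role entries it carries.
function countRoles(token) {
  const seg = (token.split(".")[1] || "").replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(Buffer.from(seg, "base64").toString("utf8"));
  return Array.isArray(claims.roles) ? claims.roles.length : 0;
}

// Audit Set-Cookie header values: size of name + value against the limit.
function auditSetCookie(headers, limit = COOKIE_LIMIT) {
  return headers.map((h) => {
    const pair = h.split(";")[0].trim(); // attributes after ';' are ignored
    const eq = pair.indexOf("=");
    const name = eq === -1 ? "" : pair.slice(0, eq);
    const value = eq === -1 ? pair : pair.slice(eq + 1);
    const bytes = Buffer.byteLength(name, "utf8") + Buffer.byteLength(value, "utf8");
    return { name, bytes, roles: countRoles(value), oversized: bytes > limit };
  });
}

// Constructed responses: one account with 5 roles, one with 90.
function demo() {
  const headers = [5, 90].map((n) =>
    `SampleAuth=${buildSampleToken(n)}; Path=/; Secure; HttpOnly`);
  return auditSetCookie(headers);
}

for (const r of demo()) {
  console.log(`${r.name}: roles=${r.roles} bytes=${r.bytes} oversized=${r.oversized}`);
}
```

The same audit can be pointed at `Set-Cookie` values copied from a browser's network panel when a login loops; a cookie flagged as oversized there is a candidate for the silent drop the answer describes.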
Aftermath
Apart from the fact that the Microsoft Exchange Online Team might want to expand the error message to e.g. "Cookie not found" or something like that, instead of the five or six different, misleading error messages, I again found a point speaking against cookies - modern browsers do deliver alternative solutions; and here I don't need to write about GDPR compliance or related stuff.
Nearly 20 years ago I showed, in a quite complex JavaScript web project supporting Netscape & Internet Explorer - nowadays you would use one of these nice frameworks - with a quite challenging interface (the designer was allowed whatever he believed was cool, modern, ...), that cookies were of no use (at that time). We stored data up to 10MB and more by using other ways (which still work today, though differently). Which was ridiculous too - but that's another story.
 
 