[Koha] Fwd: Office365 and Koha selfregistration verification mails

Marcel de Rooy rooy.de.m at gmail.com
Thu Aug 27 18:30:23 NZST 2020


s/Thread/Threat/

---------- Forwarded message ---------
Van: Marcel de Rooy <rooy.de.m at gmail.com>
Date: do 27 aug. 2020 om 08:26
Subject: Office365 and Koha selfregistration verification mails
To: Koha <koha at lists.katipo.co.nz>


FYI

The Office365 Advanced Thread Protection feature rewrites URLs and verifies
them when you click on them. When you try to register in Koha with an
Office365 email address, you will have a problem.

This has a nasty side-effect on selfregistration mails when you enabled
verification mails.
What happens, is: when Office365 verifies the link, the selfregistration is
completed and Office365 receives the credentials. The user actually does a
second call, the token is no longer found and he receives a failure
message. The Koha verification process is effectively sabotaged.

Note that you could add the Koha server domain as a do-not-rewrite URL in
the Office365 ATP setup somewhere..

Marcel


More information about the Koha mailing list