Akeeba Admin Tools Blocks the Microsoft 365 OAuth Authorization Process – How to Fix It
If you are using Akeeba Admin Tools on your Joomla site, you may encounter an issue where the OAuth authorization process for the Microsoft Outlook 365 Mail Connect plugin cannot complete. This happens because Akeeba's Web Application Firewall (WAF) blocks the OAuth callback URL during the Microsoft sign-in redirect.
Symptoms
- The authorization process with Microsoft 365 does not complete.
- You may see a 403 Forbidden error or a blank page after attempting to sign in with your Microsoft account.
- The plugin remains unauthorized even though your Microsoft credentials are correct.
- The issue only occurs when Akeeba Admin Tools is active with its firewall enabled.
Why This Happens
Akeeba Admin Tools includes a Web Application Firewall (WAF) that filters incoming requests to protect your site. During the OAuth flow, Microsoft redirects back to your Joomla site using a callback URL (e.g., /administrator/index.php/ms365/microsoft-outlook-365-mail-connect-authorize). The WAF treats this redirect as a suspicious request and blocks it before the plugin can process the authorization response.
Note: Manually editing the .htaccess file is generally not effective in this scenario, because Akeeba Admin Tools regenerates and overwrites the .htaccess file automatically. Any manual changes will be lost.
Solution
The recommended approach is to temporarily disable the Akeeba Admin Tools firewall, complete the authorization, and then re-enable it.
Step 1 – Disable the Akeeba Admin Tools Firewall
- Log in to your Joomla Administrator panel.
- Go to Components → Admin Tools → Web Application Firewall.
- Set the WAF to Disabled (or toggle the main firewall switch off).
Step 2 – Restore the Default Joomla .htaccess
- Connect to your site via FTP or your hosting File Manager.
- Rename the current .htaccess file to .htaccess.backup (so you can restore it later).
- Rename the default Joomla htaccess.txt file to .htaccess.
Step 3 – Complete the OAuth Authorization
- Go to System → Plugins and open the Microsoft Outlook 365 Mail Connect plugin.
- Click the Authorize button to start the Microsoft sign-in process.
- Sign in with your Microsoft 365 account and grant the required permissions.
- You should now be redirected back to your Joomla site with a successful authorization confirmation.
Step 4 – Re-enable Akeeba Admin Tools
- Go back to Components → Admin Tools → Web Application Firewall and re-enable the firewall.
- Let Akeeba Admin Tools regenerate the .htaccess file (or restore your .htaccess.backup file by renaming it back to .htaccess).
- Verify that the Microsoft 365 connection remains active by sending a test email from System → Global Configuration → Server → Send Test Mail.
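The file renames from Steps 2 and 4, as an added shell example for sites with shell access (it is not part of the original article or of Joomla or Admin Tools). The function names are hypothetical, and moving the default file back to htaccess.txt on restore is an assumption the article does not state.

```shell
#!/bin/sh
# Added example: hypothetical helper functions, not shipped by Joomla or Akeeba.

# Step 2: park the current .htaccess and put Joomla's default file in its place.
# Usage: htaccess_use_default /path/to/joomla-root
htaccess_use_default() {
    root=$1
    [ -f "$root/.htaccess" ]    || { echo "no .htaccess in $root" >&2; return 1; }
    [ -f "$root/htaccess.txt" ] || { echo "no htaccess.txt in $root" >&2; return 1; }
    # Never clobber an earlier backup: it may be the only copy of the protected file.
    [ ! -e "$root/.htaccess.backup" ] || { echo ".htaccess.backup already exists" >&2; return 1; }
    mv "$root/.htaccess" "$root/.htaccess.backup" &&
    mv "$root/htaccess.txt" "$root/.htaccess"
}

# Step 4 (rename variant): put the backed-up file back.
# Use this instead of letting Admin Tools regenerate the file, not after it.
# Assumption: the default file goes back to its original name, htaccess.txt.
htaccess_restore() {
    root=$1
    [ -f "$root/.htaccess.backup" ] || { echo "no .htaccess.backup in $root" >&2; return 1; }
    if [ -f "$root/.htaccess" ] && [ ! -e "$root/htaccess.txt" ]; then
        mv "$root/.htaccess" "$root/htaccess.txt" || return 1
    fi
    mv "$root/.htaccess.backup" "$root/.htaccess"
}

# Prints "swapped" while a backup is still parked (default file is live),
# "normal" otherwise. Useful as a check that Step 4 was not forgotten.
htaccess_state() {
    root=$1
    if [ -e "$root/.htaccess.backup" ]; then echo "swapped"; else echo "normal"; fi
}
```
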
Important Notes
- The Microsoft 365 OAuth token is stored in the database after a successful authorization. Re-enabling the firewall afterward does not affect the existing connection.
- You only need to perform this procedure once (or again if you need to re-authorize, e.g., after a token expiration or password change).
- If you prefer not to fully disable the WAF, you can try adding the callback path to the Akeeba Admin Tools WAF exception list under "Allow direct access, including .php files, to these directories", using the path: administrator/index.php/ms365. However, this may not work in all configurations, and the temporary disable method above is the most reliable approach.
Still Need Help?
If the issue persists after following these steps, please contact our support team and we will be happy to assist you further.