Webapp - Certificate auth fails



  • Hi!

    I opened a support case (paid customer).
    The “trust” is working. Webapp disables authentication, if https-connection is set up (great), BUT: If I user apache-auth, webapp does not work anymore:

    • Start webapp in browser
    • Basic-Auth on apache2
    • Webapp shows “loading-circle” endlessly

    To be sure about the working trust, I disabled Basic-Auth

    • Start webapp in browser
    • Webapp-Login appears
    • Login with user and WRONG password is possible (as in webaccess)
      –> Trust is working

    Regards,
    Stril


  • Kopano

    Hi @Stril ,

    works for me.

    1. make the following changes to config.php of webapp
            define("DEFAULT_SERVER", "https://felix-KS-38462.lxd01.zarafa.lan:237/kopano");
    
            // When using a single-signon system on your webserver, but Kopano Core is on another server
            // you can use https to access the Kopano server, and authenticate using an SSL certificate.
            define("SSLCERT_FILE", "/etc/kopano/ssl/admin-felix-KS-38462.pem");
            define("SSLCERT_PASS", NULL);
    
    1. test if certificate overrides auth by loging in through webapp and giving wrong password
      -> works

    2. adapt apache vhost
      instead of setting up basic auth, I just hardcoded remote_user the following way SetEnv REMOTE_USER "user1"

    3. test if loging still succeeds
      -> it does and webapp loads completely.

    WebApp:
    3.4.0.790-0+526.1
    Kopano Core:
    8.4.90
    

    If it weren’t for the fact that you can succesfully login without the basic auth I would say that there is a json parsing error in your users settings. The one way to make sure that this is not the case would be to create a new blank user and try to login with that user.
    You should be able to see if it is indeed a parsing error by looking into the javascript console and maybe additionally the responses in the network tab in the developer tools of chrome.



  • Hi!

    Sorry for the late answer. I did not see your post.

    @fbartels said in Webapp - Certificate auth fails:

    1. make the following changes to config.php of webapp
            define("DEFAULT_SERVER", "https://felix-KS-38462.lxd01.zarafa.lan:237/kopano");
    
            // When using a single-signon system on your webserver, but Kopano Core is on another server
            // you can use https to access the Kopano server, and authenticate using an SSL certificate.
            define("SSLCERT_FILE", "/etc/kopano/ssl/admin-felix-KS-38462.pem");
            define("SSLCERT_PASS", NULL);
    
    1. test if certificate overrides auth by loging in through webapp and giving wrong password
      -> works

    –> Yes, it is working.

    1. adapt apache vhost
      instead of setting up basic auth, I just hardcoded remote_user the following way SetEnv REMOTE_USER "user1"

    –> I did the same test. Login with user “user1” is working. There is no “Login-window”.

    1. test if loging still succeeds
      -> it does and webapp loads completely.

    –> Same for me.

    If it weren’t for the fact that you can succesfully login without the basic auth I would say that there is a json parsing error in your users settings. The one way to make sure that this is not the case would be to create a new blank user and try to login with that user.
    You should be able to see if it is indeed a parsing error by looking into the javascript console and maybe additionally the responses in the network tab in the developer tools of chrome.

    I created a new user “user1” and tried to login with basic auth. The only error, I can see in the browser console is a 401 error for:
    http://10.0.49.229/webapphttps/zarafa.php?subsystem=webapp_1502960818098

    Javascriptconsole does not show anything in Chrome.

    Do you have any idea, why there is the “401”-error?

    Thank you for your help!!!

    Regards,
    Stril


  • Kopano

    Hi @stril ,

    so login is now working for you?



  • Hi!

    No! The problem still exists!

    I am not able to get the authentication fully working.
    If it was not clear: After the “401” error in the console, zarafa-webapp stays in the picture of the “loading-circle”.

    I really Need help.

    Regards,
    Stril


  • Kopano

    Hi @stril ,

    I have seen occasional 401 errors in the logging, when utilizing SSO. In the past this never interfered with the functionality (its rather an internal function that tries to reuse the user password, which is now not available).

    Since you already have a support ticket open I would recommend to pursue this further with our support.



  • Hi Felix!

    Yes, I opened a support ticket on 09-08-2017, but I did not get any answer on it since 11-08-2017

    I really hope to get help…

    Regards


  • Kopano

    HI @stril ,

    it often help replying to a ticket again if you did not get a reply in a while.



  • @fbartels
    I updated the ticket, but nobody cares about it…

    I really hope to find a solution for this. Cert-Auth works, but not in combination with basic-auth.

    Regards


  • Kopano

    Hi @stril ,

    I’ve triggered our support about your ticket. Apparently they have been busy internally with it, but did not yet communicate back.


Log in to reply
 

Looks like your connection to Kopano Community Forum was lost, please wait while we try to reconnect.