Webapp - Certificate auth fails

Hi!

I opened a support case (paid customer).
The “trust” is working. Webapp disables authentication, if https-connection is set up (great), BUT: If I user apache-auth, webapp does not work anymore:

  • Start webapp in browser
  • Basic-Auth on apache2
  • Webapp shows “loading-circle” endlessly

To be sure about the working trust, I disabled Basic-Auth

  • Start webapp in browser
  • Webapp-Login appears
  • Login with user and WRONG password is possible (as in webaccess)
    –> Trust is working

Regards,
Stril

Hi @Stril ,

works for me.

  1. make the following changes to config.php of webapp
        define("DEFAULT_SERVER", "https://felix-KS-38462.lxd01.zarafa.lan:237/kopano");

        // When using a single-signon system on your webserver, but Kopano Core is on another server
        // you can use https to access the Kopano server, and authenticate using an SSL certificate.
        define("SSLCERT_FILE", "/etc/kopano/ssl/admin-felix-KS-38462.pem");
        define("SSLCERT_PASS", NULL);
  1. test if certificate overrides auth by loging in through webapp and giving wrong password
    -> works

  2. adapt apache vhost
    instead of setting up basic auth, I just hardcoded remote_user the following way SetEnv REMOTE_USER "user1"

  3. test if loging still succeeds
    -> it does and webapp loads completely.

WebApp:
3.4.0.790-0+526.1
Kopano Core:
8.4.90

If it weren’t for the fact that you can succesfully login without the basic auth I would say that there is a json parsing error in your users settings. The one way to make sure that this is not the case would be to create a new blank user and try to login with that user.
You should be able to see if it is indeed a parsing error by looking into the javascript console and maybe additionally the responses in the network tab in the developer tools of chrome.

Hi!

Sorry for the late answer. I did not see your post.

@fbartels said in Webapp - Certificate auth fails:

  1. make the following changes to config.php of webapp
        define("DEFAULT_SERVER", "https://felix-KS-38462.lxd01.zarafa.lan:237/kopano");

        // When using a single-signon system on your webserver, but Kopano Core is on another server
        // you can use https to access the Kopano server, and authenticate using an SSL certificate.
        define("SSLCERT_FILE", "/etc/kopano/ssl/admin-felix-KS-38462.pem");
        define("SSLCERT_PASS", NULL);
  1. test if certificate overrides auth by loging in through webapp and giving wrong password
    -> works

–> Yes, it is working.

  1. adapt apache vhost
    instead of setting up basic auth, I just hardcoded remote_user the following way SetEnv REMOTE_USER "user1"

–> I did the same test. Login with user “user1” is working. There is no “Login-window”.

  1. test if loging still succeeds
    -> it does and webapp loads completely.

–> Same for me.

If it weren’t for the fact that you can succesfully login without the basic auth I would say that there is a json parsing error in your users settings. The one way to make sure that this is not the case would be to create a new blank user and try to login with that user.
You should be able to see if it is indeed a parsing error by looking into the javascript console and maybe additionally the responses in the network tab in the developer tools of chrome.

I created a new user “user1” and tried to login with basic auth. The only error, I can see in the browser console is a 401 error for:
http://10.0.49.229/webapphttps/zarafa.php?subsystem=webapp_1502960818098

Javascriptconsole does not show anything in Chrome.

Do you have any idea, why there is the “401”-error?

Thank you for your help!!!

Regards,
Stril

Hi!

No! The problem still exists!

I am not able to get the authentication fully working.
If it was not clear: After the “401” error in the console, zarafa-webapp stays in the picture of the “loading-circle”.

I really Need help.

Regards,
Stril

Hi @stril ,

I have seen occasional 401 errors in the logging, when utilizing SSO. In the past this never interfered with the functionality (its rather an internal function that tries to reuse the user password, which is now not available).

Since you already have a support ticket open I would recommend to pursue this further with our support.

Hi Felix!

Yes, I opened a support ticket on 09-08-2017, but I did not get any answer on it since 11-08-2017

I really hope to get help…

Regards

HI @stril ,

it often help replying to a ticket again if you did not get a reply in a while.

@fbartels
I updated the ticket, but nobody cares about it…

I really hope to find a solution for this. Cert-Auth works, but not in combination with basic-auth.

Regards

Hi @stril ,

I’ve triggered our support about your ticket. Apparently they have been busy internally with it, but did not yet communicate back.

Hi!

Three weeks later - still no response from your support-team although covered by premium support…

Regards

@stril I’ve sent another reminder to our support team.

Hi!

Thank you for your help. One of your colleagues answered to the ticket and helped me to find the problem:

My basic auth was configured as:

AuthUserFile /var/www/webapphttps/.htpasswd
AuthGroupFile /dev/null
AuthName "Sicherheitsabfrage"
AuthType Basic
<Limit GET>
require valid-user
</Limit>

–> That does lead to the 401 error

AuthUserFile /var/www/webapphttps/.htpasswd
AuthGroupFile /dev/null
AuthName "Sicherheitsabfrage"
AuthType Basic
#<Limit GET>
require valid-user
#</Limit>

Removing the “Limit” solved the problem.

Thank you and best wishes

Log in to reply

Looks like your connection to Kopano Community Forum was lost, please wait while we try to reconnect.