Re: [EXT] Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Francis Augusto Medeiros-Logeay via dovecot



It seems that it works on the dovecot side. When Roundcube sends the 
token, I get the user authenticated via IMAP/oauth2 in dovecot.


What worked for me was:

- adding client_id and client_secret
- removing the tokeninfo_url, using just the introspect_url and 
introspect_mode=token.


Now gotta fix Roundcube...

Best,
Francis

On 2023-11-20 13:48, Francis Augusto Medeiros-Logeay wrote:

---
Francis Augusto Medeiros-Logeay
Oslo, Norway

On 2023-11-20 09:04, Aki Tuomi wrote:
On 20/11/2023 10:03 EET Francis Augusto Medeiros-Logeay wrote:



> Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply
> concatenate tokeninfo_url and token, so you need to provide the URL in
> that fashion.
>
> Aki

Thanks Aki.

Still no go:


Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host created

oauth2(fran...@mydomain.com,10.10.40.30,<4Gv83JAKyOcKCige>): oauth2 failed: Token validation failed: connect(10.10.200.10:443) failed: Connection refused




___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
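As an added illustration (not code from the thread or from Dovecot), a small Python model of the two validation requests discussed above: the tokeninfo GET, where Dovecot 2.3 appends the token to tokeninfo_url so the token lands in the request line (and, as the http-client debug line later in the thread shows, in the auth debug log), and the introspection POST authenticated with client_id/client_secret. The userinfo path is the one from the thread; the /token/introspect path is Keycloak's standard introspection endpoint; the client credentials, sample token, sample log lines and the `email` username attribute are constructed assumptions.

```python
"""Constructed model (added example, not Dovecot code) of the two OAuth2 token
validation requests discussed in the thread, plus a check for tokens leaking
into the auth debug log. URLs, credentials and sample lines are constructed."""
import base64
import json
import re
from urllib.parse import urlencode

KEYCLOAK = "https://auth.mydomain.com/realms/myrealm/protocol/openid-connect"
TOKEN_EXAMPLE = "eyJhbGciOi.redacted.sig"  # constructed stand-in for a JWT

def tokeninfo_request(tokeninfo_url: str, token: str) -> dict:
    """tokeninfo mode: Dovecot 2.3 appends the raw token to tokeninfo_url, so the
    configured URL must already end in '?token=' (Aki's advice). The token becomes
    part of the request line, which is why it shows up in http-client debug output."""
    return {"method": "GET", "url": tokeninfo_url + token, "headers": {}, "body": ""}

def introspection_request(url: str, client_id: str, client_secret: str, token: str) -> dict:
    """Introspection with client credentials (RFC 7662 style): POST, client
    authenticated via HTTP Basic, token carried in the form body, not the URL."""
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"method": "POST", "url": url,
            "headers": {"Authorization": f"Basic {cred}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode({"token": token})}

def username_from_introspection(body: str, username_attribute: str = "email"):
    """Accept the token only when the server reports active=true; return the
    claim that would be mapped to the IMAP user, otherwise None."""
    data = json.loads(body)
    if data.get("active") is not True:
        return None
    return data.get(username_attribute)

# Request URLs carrying a token in the query string, as in the thread's
# "http-client[1]: request [Req1: GET ...userinfo?token=..." debug line.
TOKEN_IN_URL = re.compile(r"\b(?:GET|POST)\s+https?://\S*[?&]token=\S+")

def lines_leaking_tokens(log_lines):
    """Return the auth debug lines whose request URL exposes a bearer token."""
    return [ln for ln in log_lines if TOKEN_IN_URL.search(ln)]

SAMPLE_LOG = [  # constructed, modelled on the thread's debug output
    "Nov 20 13:43:03 auth: Debug: http-client[1]: request [Req1: GET "
    + KEYCLOAK + "/userinfo?token=" + TOKEN_EXAMPLE + ": Submitted (requests left=1)",
    "Nov 20 13:43:03 auth: Debug: http-client[1]: request [Req1: POST "
    + KEYCLOAK + "/token/introspect: Submitted (requests left=1)",
]
```

Running `lines_leaking_tokens(SAMPLE_LOG)` flags only the userinfo GET, which is the practical reason to prefer the introspection POST when auth_debug logging is on.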


Re: [EXT] Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Francis Augusto Medeiros-Logeay via dovecot




---
Francis Augusto Medeiros-Logeay
Oslo, Norway

On 2023-11-20 09:04, Aki Tuomi wrote:
On 20/11/2023 10:03 EET Francis Augusto Medeiros-Logeay wrote:



> Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply
> concatenate tokeninfo_url and token, so you need to provide the URL in
> that fashion.
>
> Aki

Thanks Aki.

Still no go:


Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host created

oauth2(fran...@mydomain.com,10.10.40.30,<4Gv83JAKyOcKCige>): oauth2 failed: Token validation failed: connect(10.10.200.10:443) failed: Connection refused


It still doesn't work after I fixed that "connection refused" problem. I 
had a NAT reflector problem. But with that out of the way, I still don't 
get it to work:


Nov 20 13:43:03 auth: Error: ldap(fran...@mydomain.com,10.10.40.30,): ldap_bind() failed: Constraint violation
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: Host created
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: Host session created
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: Need to perform DNS lookup
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: Performing asynchronous DNS lookup
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client: dns(auth.mydomain.com): Lookup started
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client: Connecting
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=2800,uid=0): Client connected (fd=23)
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=2800,uid=0): Sending version handshake
Nov 20 13:43:03 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo?token=eyJhbGciOi..redacted...3MDA0ODQ0ODMsImlhdCI6MTcwMDQ4NDE4MywiYXV0aF...: Submitted (requests left=1)
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=2800,uid=0): dns(auth.mydomain.com): Lookup successful after 5 msecs
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: DNS lookup successful; got 1 IPs
Nov 20 13:43:03 auth: Debug: http-client: peer 10.10.20.100:443 (shared): Peer created
Nov 20 13:43:03 auth: Debug: http-client: peer 10.10.20.100:443: Peer pool created
Nov 20 13:43:03 auth: Debug: http-client[1]: peer 10.10.20.100:443: Peer created
Nov 20 13:43:03 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Setting up connection to 10.10.20.100:443 (SSL=auth.mydomain.com) (1 requests pending)
Nov 20 13:43:03 auth: Debug: http-client[1]: peer 10.10.20.100:443: Linked queue https://auth.mydomain.com:443 (1 queues linked)
Nov 20 13:43:03 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Started new connection to 10.10.20.100:443 (SSL=auth.mydomain.com)
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=2800,uid=0): Disconnected: Connection closed (fd=23)
Nov 20 13:43:03 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=2800,uid=0): Disconnect: deinit
Nov 20 13:43:03 auth: Debug: http-client[1]: peer 10.10.20.100:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Nov 20 13:43:03 auth: Debug: http-client[1]: peer 10.10.20.100:443: Making new connection 1 of 1 (0 connections exist, 0 pending)
Nov 20 13:43:03 auth: Debug: http-client: conn 10.10.20.100:443 [1]: Connecting
Nov 20 13:43:03 auth: Debug: http-client: conn 10.10.20.100:443 [1]: Waiting for connect (fd=23) to finish for max 0 msecs
Nov 20 13:43:03 auth: Debug: http-client: conn 10.10.20.100:443 [1]: HTTPS connection created (1 parallel connections exist)
Nov 20 13:43:03 auth: Debug: http-client: conn 10.10.20.100:443 [1]: Client connected (fd=23)
Nov 20 13:43:03 auth: Debug: http-client: conn 10.10.20.100:443 [1]: Connected
Nov 20 13:43:03 auth: Debug: http-client: conn 10.10.20.100:443 [1]: Starting SSL handshake
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x10, ret=1: before SSL initialization
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1001, ret=1: before SSL initialization
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1001, ret=1: SSLv3/TLS write client hello
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1002, ret=-1: SSLv3/TLS write client hello
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1002, ret=-1: SSLv3/TLS write client hello
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1002, ret=-1: SSLv3/TLS write client hello
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1001, ret=1: SSLv3/TLS write client hello
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1001, ret=1: SSLv3/TLS read server hello
Nov 20 13:43:03 auth: Debug: auth.mydomain.com: SSL: where=0x1002,

Re: [EXT] Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Aki Tuomi via dovecot


> On 20/11/2023 10:03 EET Francis Augusto Medeiros-Logeay  
> wrote:
> 
>  
> > Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply 
> > concatenate tokeninfo_url and token, so you need to provide the URL in 
> > that fashion.
> > 
> > Aki
> 
> Thanks Aki.
> 
> Still no go:
> 
> 
> Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host created



> oauth2(fran...@mydomain.com,10.10.40.30,<4Gv83JAKyOcKCige>): oauth2 failed: Token validation failed: connect(10.10.200.10:443) failed: Connection refused

Aki