Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... Wforce appears to start without errors. I added a file to dovecot's conf.d: 95-policy.conf: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = this_is_my_super_secret_something Looking at the Wforce console I see: WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed In wforce.conf I have the (default): webserver("0.0.0.0:8084", "--WEBPWD") Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config? -- Daniel
On 02.08.2017 23:35, Daniel Miller wrote:> Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... > > Wforce appears to start without errors. I added a file to dovecot's conf.d: > > 95-policy.conf: > auth_policy_server_url = http://localhost:8084/ > auth_policy_hash_nonce = this_is_my_super_secret_something > > Looking at the Wforce console I see: > > WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed > > In wforce.conf I have the (default): > > webserver("0.0.0.0:8084", "--WEBPWD") > > Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config?You could try putting an actual password, in plain text, where --WEBPWD is. Then add that base64 encoded to dovecot setting auth_policy_server_api_header. hope this helps, Teemu
On 8/3/2017 6:11 AM, Teemu Huovila wrote:> > On 02.08.2017 23:35, Daniel Miller wrote: >> Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... >> >> Wforce appears to start without errors. I added a file to dovecot's conf.d: >> >> 95-policy.conf: >> auth_policy_server_url = http://localhost:8084/ >> auth_policy_hash_nonce = this_is_my_super_secret_something >> >> Looking at the Wforce console I see: >> >> WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed >> >> In wforce.conf I have the (default): >> >> webserver("0.0.0.0:8084", "--WEBPWD") >> >> Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config? > You could try putting an actual password, in plain text, where --WEBPWD is. Then add that base64 encoded to dovecot setting auth_policy_server_api_header. >I knew it would be something like that. I've made some changes but I'm still not there. I presently have: webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe") in wforce.conf (and I've tried with and without the --WEBPWD) and auth_policy_server_api_header = Authorization: Basic dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl in 95-policy.conf for dovecot Obviously I'm still formatting something wrong. Daniel
On 8/4/2017 12:48 PM, Daniel Miller wrote:> On 8/3/2017 6:11 AM, Teemu Huovila wrote: >> >> On 02.08.2017 23:35, Daniel Miller wrote: >>> Is there explicit documentation available for the (probably trivial) >>> configuration needed for Dovecot and Wforce? I'm probably missing >>> something that should be perfectly obvious... >>> >>> Wforce appears to start without errors. I added a file to dovecot's >>> conf.d: >>> >>> 95-policy.conf: >>> auth_policy_server_url = http://localhost:8084/ >>> auth_policy_hash_nonce = this_is_my_super_secret_something >>> >>> Looking at the Wforce console I see: >>> >>> WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web >>> Authentication failed >>> >>> In wforce.conf I have the (default): >>> >>> webserver("0.0.0.0:8084", "--WEBPWD") >>> >>> Do I need to change the "--WEBPWD"? Do I need to specify something >>> in the Dovecot config? >> You could try putting an actual password, in plain text, where >> --WEBPWD is. Then add that base64 encoded to dovecot setting >> auth_policy_server_api_header. >> > I knew it would be something like that. I've made some changes but > I'm still not there. I presently have: > > webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe") > in wforce.conf (and I've tried with and without the --WEBPWD) > > and > > auth_policy_server_api_header = Authorization: Basic > dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl > in 95-policy.conf for dovecot > > Obviously I'm still formatting something wrong. >I think I've got something working a little better. I'm using: webserver("0.0.0.0:8084", "ultra-secret-secure-safe") (so I remove the --WEBPWD - that's a placeholder, not a argument declaration) and for dovecot, the base64 encoding needs to be "wforce:password" instead of just the password. Now I have to see what else needs to be tweaked. Daniel
On 04.08.2017 23:10, Daniel Miller wrote:> On 8/4/2017 12:48 PM, Daniel Miller wrote: >> On 8/3/2017 6:11 AM, Teemu Huovila wrote: >>> >>> On 02.08.2017 23:35, Daniel Miller wrote: >>>> Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... >>>> >>>> Wforce appears to start without errors. I added a file to dovecot's conf.d: >>>> >>>> 95-policy.conf: >>>> auth_policy_server_url = http://localhost:8084/ >>>> auth_policy_hash_nonce = this_is_my_super_secret_something >>>> >>>> Looking at the Wforce console I see: >>>> >>>> WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed >>>> >>>> In wforce.conf I have the (default): >>>> >>>> webserver("0.0.0.0:8084", "--WEBPWD") >>>> >>>> Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config? >>> You could try putting an actual password, in plain text, where --WEBPWD is. Then add that base64 encoded to dovecot setting auth_policy_server_api_header. >>> >> I knew it would be something like that. I've made some changes but I'm still not there. I presently have: >> >> webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe") >> in wforce.conf (and I've tried with and without the --WEBPWD) >> >> and >> >> auth_policy_server_api_header = Authorization: Basic dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl >> in 95-policy.conf for dovecot >> >> Obviously I'm still formatting something wrong. >> > I think I've got something working a little better. I'm using: > webserver("0.0.0.0:8084", "ultra-secret-secure-safe") > (so I remove the --WEBPWD - that's a placeholder, not a argument declaration) > > and for dovecot, the base64 encoding needs to be "wforce:password" instead of just the password. > > Now I have to see what else needs to be tweaked. > > DanielGlad you got it working. Lua comments, prefixed with "--" can indeed be a bit misleading. My sloppy answer omitting HTTP Basic auth hash contents did not help either. br, Teemu