Displaying 20 results from an estimated 95 matches for "oauth2".
2019 Dec 06
4
Dovecot & OAuth
...following:
tokeninfo_url =
https://keycloak.com/auth/realms/mail/protocol/openid-connect/token
introspection_url =
https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
introspection_mode = post
debug = yes
rawlog_dir = /tmp/oauth2
#force_introspection = yes
username_attribute = username
#active_attribute = active
#active_value = true
tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
tls_key_file = /etc/pki/dovecot/private/dovecot.pem
---------------
The debug...
2018 May 29
1
OAUTH2 + proxying [host=??]
All,
We currently use a proxy configuration with an sql query to authenticate
and discover which backend server an address belongs to and proxy the
connection to that host to authenticate and retrieve mail. We are
looking to move to OAUTH2 for authentication and am just trying to
figure how how to get that extra host information as part of the passdb
query when using this mechanism. Looking at doco if we were running a
director setup (which we are not) that process seems to be able to poke
that info into response but is there any ot...
2011 Mar 19
0
Problems with SSL dependent gems OAuth2 & ActiveMerchant
Hello all,
My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and
the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the
current Rails/Ruby distribution, both of these gems throw the following
OpenSSL::SSL::SSLError when used:
* SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: cert...
2019 Dec 08
2
Dovecot & OAuth
On 06/12/2019 20:54, Aki Tuomi via dovecot wrote:
> Hi!
>
> It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this.
Tracking as DOP-1590.
Regards,
Stephan.
>> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote:
>>
>>
>> Hi,
>>
>> For troubleshooting purposes, I change th...
2020 Feb 14
0
Dovecot Proxy - Oauth2 mech add custom fields
Hi,
I have a problem with configuring dovecot passdb for Oauth2 with keyclock.
A user can access more mailbox, mailboxes are associated with the user.
When a user login with this method:
OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready.
a login mailbox*user password
Dovecot when requiring the grant_url send t...
2019 Aug 14
2
Dovecot - Microsoft Azure AD
...ing to connect my Dovecot mail server to Microsoft's Azure-AD and use it as password and user database. I am using version 2.3.7.1.
Using the Azure-AD as passdb already works. In this context I noticed that the scope implementation is not yet merged.
Since I haven't found any hints for an OAuth2 userdb implementation yet, I wanted to ask if there are any plans for an implementation.
Greetings
Lennart Boettcher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190814/4fd3d7f1/attachment.html>
2019 Apr 19
1
OAuth Passdb Grant
I'm trying to implement the password grant flow, as specified at
https://wiki2.dovecot.org/PasswordDatabase/oauth2,
but am getting an error message. Can you please help?
auth: Fatal: oauth2 /etc/dovecot/dovecot-oauth2.token.conf.ext: Error in
configuration file /etc/dovecot/dovecot-oauth2.token.conf.ext line 1:
Unknown setting: grant_url
$ dovecot -n
# 2.3.5.2 (38c8f1daf): /etc/dovecot/dovecot.conf
# OS: Linu...
2010 Dec 20
0
Server won't start on using authlogic-oauth2
I have included oauth2 and authlogic-oauth2 in the gemfile as I want to
use them and am trying to start the server. It doesn''t start and gives
me the error
/Library/Ruby/Gems/1.8/gems/railties-3.0.3/lib/rails.rb:44:in
`configuration'': undefined method `config'' for nil:NilClass
(NoMethodError)...
2010 Sep 17
0
ruby's oauth2 grant_type
Hi, i started using oauth2 gem by intridea
(http://github.com/intridea/oauth2) and don''t know how to fix this
problem. I have developed both client and server and on request for
access_token i see no grant_type parameter. My code from client callback
controller
class CallbackController < Devise::OauthCallbacksCo...
2020 Sep 16
2
Cannot load key: Invalid dovecot key version
...6 auth-worker(25): Debug: conn unix:auth-worker (pid=24,uid=101): auth-worker<1>: Finished
dovecot_1 | Sep 16 03:29:36 auth: Debug: pam(admin,172.18.0.1,<Q5Bc4GWv9tqsEgAB>): Finished passdb lookup
dovecot_1 | Sep 16 03:29:36 auth: Debug: oauth2(admin,172.18.0.1,<Q5Bc4GWv9tqsEgAB>): Performing passdb lookup
dovecot_1 | Sep 16 03:29:36 auth: Debug: oauth2(admin,172.18.0.1,<Q5Bc4GWv9tqsEgAB>): Attempting to locally validate token
dovecot_1 | Sep 16 03:29:36 auth: Debug: oauth2(adm...
2019 Dec 05
2
Dovecot & OAuth
Hi all,
We'd like to enable OAuth with Keycloak in Dovecot, after enabling
'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm
Dovecot is ready for OAuth using openssl command, however when the auth
request comes in, it failed in establishing a SSL connection with Keycloak
server on port 443, shown as following in debug logs. I can confirming
using commands 'opens...
2010 May 06
7
Facebook, authlogic, and OAuth2
Has anyone gotten started with getting the OAuth2 replacement for
Facebook Connect working with auth_logic?
I know there is an OAuth2 gem (http://intridea.com/2010/4/22/oauth2-
gem-just-in-time-for-facebook-graph?blog=company), and I''m thinking of
using that to integrate.
Anyone know when the Fb Connect API will be shut down?
--
You r...
2024 Feb 09
1
Authentication using federated identity
Practically speaking, most popular IAM and SSO solutions offer OIDC SAML
tokens but do not offer Kerberos tickets.? OpenID Connect is a standard
which itself is based on RFC6749 (OAuth2). This provides a compelling
reason to support it in addition to Kerberos.? I'll also note that OIDC
tokens are easy to validate without a bidirectional trust relationship
between the IdP and RP.
SSH authentication via OAuth2, in particular, would save complexity at
most organizations I...
2021 Aug 06
3
v2.3.16 released
Hi,
One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general.
https://dovec...
2021 Aug 06
3
v2.3.16 released
Hi,
One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general.
https://dovec...
2019 Dec 10
0
OAuth2 mail client
Hi all,
I'm wondering if there are any IMAP client software alternative to
Thunderbird who can handle OAuth2 other than using gmail, yahoo etc (ex,
talk to local auth provider)? Thunderbird does not seem to support well at
the time being so I'm wondering what other choices we may have for our user
communities.
Thank you very much.
Mizuki
-------------- next part --------------
An HTML attachment was s...
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
...zp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk.
Risk:
Local attacker can login as any user and access their emails.
Workaround:
Disable local JWT validation in oauth2, or use a different dict driver than fs:posix.
Solution:
Operators should update to 2.3.14.1 or later version.
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
...zp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk.
Risk:
Local attacker can login as any user and access their emails.
Workaround:
Disable local JWT validation in oauth2, or use a different dict driver than fs:posix.
Solution:
Operators should update to 2.3.14.1 or later version.
2023 Mar 01
0
OAuth2: local validation with RFC9068 tokens
...use introspection endpoint. Looked around at the src and there seems to be relatively simple check of the token typ checking the only fixed value of "JWT" -- do you think you could consider tuning it a little bit so that local validation works also with such tokens?
I am not an expert on OAuth2 so have no idea whether this is a valid request, but think that such a token is still JWT but has the required structure per RFC, which should not anyhow be in collision with a simple "JWT" typ. Saying that, I would not wonder if the statement is not correct :)
Many thanks,
Tomas
2014 May 22
0
OAuth2 client credentials grant error UnsupportedAuthorizationScheme
Dear ALL,
Anyone have come accross the following error, your comments
would be of great help, plz suggest on this,OAuth2::Error
({"ErrorCode":"
UnsupportedAuthorizationScheme","ErrorMessage":"Only
'Bearer' scheme is supported for Authorization header."})*
Any help is greatlly appreciated
Thanks & Regards,
Usha
--
You received this message because you are subscrib...