search for: oauth2

...following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection = yes username_attribute = username #active_attribute = active #active_value = true tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem tls_key_file = /etc/pki/dovecot/private/dovecot.pem --------------- The debug...

All, We currently use a proxy configuration with an sql query to authenticate and discover which backend server an address belongs to and proxy the connection to that host to authenticate and retrieve mail. We are looking to move to OAUTH2 for authentication and am just trying to figure how how to get that extra host information as part of the passdb query when using this mechanism. Looking at doco if we were running a director setup (which we are not) that process seems to be able to poke that info into response but is there any ot...

Hello all, My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the current Rails/Ruby distribution, both of these gems throw the following OpenSSL::SSL::SSLError when used: * SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: cert...

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I change th...

Hi, I have a problem with configuring dovecot passdb for Oauth2 with keyclock. A user can access more mailbox, mailboxes are associated with the user. When a user login with this method: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready. a login mailbox*user password Dovecot when requiring the grant_url send t...

...ing to connect my Dovecot mail server to Microsoft's Azure-AD and use it as password and user database. I am using version 2.3.7.1. Using the Azure-AD as passdb already works. In this context I noticed that the scope implementation is not yet merged. Since I haven't found any hints for an OAuth2 userdb implementation yet, I wanted to ask if there are any plans for an implementation. Greetings Lennart Boettcher -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190814/4fd3d7f1/attachment.html>

I'm trying to implement the password grant flow, as specified at https://wiki2.dovecot.org/PasswordDatabase/oauth2, but am getting an error message. Can you please help? auth: Fatal: oauth2 /etc/dovecot/dovecot-oauth2.token.conf.ext: Error in configuration file /etc/dovecot/dovecot-oauth2.token.conf.ext line 1: Unknown setting: grant_url $ dovecot -n # 2.3.5.2 (38c8f1daf): /etc/dovecot/dovecot.conf # OS: Linu...

I have included oauth2 and authlogic-oauth2 in the gemfile as I want to use them and am trying to start the server. It doesn''t start and gives me the error /Library/Ruby/Gems/1.8/gems/railties-3.0.3/lib/rails.rb:44:in `configuration'': undefined method `config'' for nil:NilClass (NoMethodError)...

Hi, i started using oauth2 gem by intridea (http://github.com/intridea/oauth2) and don''t know how to fix this problem. I have developed both client and server and on request for access_token i see no grant_type parameter. My code from client callback controller class CallbackController < Devise::OauthCallbacksCo...

...6 auth-worker(25): Debug: conn unix:auth-worker (pid=24,uid=101): auth-worker<1>: Finished dovecot_1 | Sep 16 03:29:36 auth: Debug: pam(admin,172.18.0.1,<Q5Bc4GWv9tqsEgAB>): Finished passdb lookup dovecot_1 | Sep 16 03:29:36 auth: Debug: oauth2(admin,172.18.0.1,<Q5Bc4GWv9tqsEgAB>): Performing passdb lookup dovecot_1 | Sep 16 03:29:36 auth: Debug: oauth2(admin,172.18.0.1,<Q5Bc4GWv9tqsEgAB>): Attempting to locally validate token dovecot_1 | Sep 16 03:29:36 auth: Debug: oauth2(adm...

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands 'opens...

Has anyone gotten started with getting the OAuth2 replacement for Facebook Connect working with auth_logic? I know there is an OAuth2 gem (http://intridea.com/2010/4/22/oauth2- gem-just-in-time-for-facebook-graph?blog=company), and I''m thinking of using that to integrate. Anyone know when the Fb Connect API will be shut down? -- You r...

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH authentication via OAuth2, in particular, would save complexity at most organizations I...

Hi, One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general. https://dovec...

Hi, One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general. https://dovec...

Hi all, I'm wondering if there are any IMAP client software alternative to Thunderbird who can handle OAuth2 other than using gmail, yahoo etc (ex, talk to local auth provider)? Thunderbird does not seem to support well at the time being so I'm wondering what other choices we may have for our user communities. Thank you very much. Mizuki -------------- next part -------------- An HTML attachment was s...

...zp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. Risk: Local attacker can login as any user and access their emails. Workaround: Disable local JWT validation in oauth2, or use a different dict driver than fs:posix. Solution: Operators should update to 2.3.14.1 or later version.

...zp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. Risk: Local attacker can login as any user and access their emails. Workaround: Disable local JWT validation in oauth2, or use a different dict driver than fs:posix. Solution: Operators should update to 2.3.14.1 or later version.

...use introspection endpoint. Looked around at the src and there seems to be relatively simple check of the token typ checking the only fixed value of "JWT" -- do you think you could consider tuning it a little bit so that local validation works also with such tokens? I am not an expert on OAuth2 so have no idea whether this is a valid request, but think that such a token is still JWT but has the required structure per RFC, which should not anyhow be in collision with a simple "JWT" typ. Saying that, I would not wonder if the statement is not correct :) Many thanks, Tomas

Dear ALL, Anyone have come accross the following error, your comments would be of great help, plz suggest on this,OAuth2::Error ({"ErrorCode":" UnsupportedAuthorizationScheme","ErrorMessage":"Only 'Bearer' scheme is supported for Authorization header."})* Any help is greatlly appreciated Thanks & Regards, Usha -- You received this message because you are subscrib...