similar to: dovecot oauth

Hello, Still trying to make roundcube / Dovecot works with Keycloak. Dovecot can't seem to validate the access_token that Roundcube gave. ----- Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET

> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > > > > Hello, > > > > I'm trying to configure roundcube / dovecot to work with keycloak. > > I activated xoauth2 oauthbearer in dovecot. > > But a problem

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands

Hi! It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Aki > On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: > > > Hi, > > For troubleshooting purposes, I change the read/write permissions on the certs and confirmed 'dovecot' can read them w/o problem, but still seeing the

Thank you Stephan, I'm wondering if I can read the track of the status of bug reports? Could you please advice? Thanks. Mizuki On Sun, Dec 8, 2019 at 6:40 AM Stephan Bosch <stephan at rename-it.nl> wrote: > > > On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > > Hi! > > > > It seems there is a bug in the oauth2 driver, it loads the cert files > wrong

On 5/07/20 18:46, Aki Tuomi wrote: >> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >> >> >>> On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: >>> >>> >>> Hello, >>> >>> I'm trying to configure roundcube / dovecot to work with keycloak. >>> I

Before declaring it not ready for prime time, did you try setting tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt In the oauth2 configuration file as documented in https://doc.dovecot.org/configuration_manual/authentication/oauth2 ? Aki > On 05/12/2019 21:58 mizuki via dovecot <dovecot at dovecot.org> wrote: > > > Hi all, > > We'd like to enable OAuth with

Hi, I have a problem with configuring dovecot passdb for Oauth2 with keyclock. A user can access more mailbox, mailboxes are associated with the user. When a user login with this method: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready. a login mailbox*user password Dovecot when requiring the grant_url send to Keyclock, for example, this post

> On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > Hello, > > I'm trying to configure roundcube / dovecot to work with keycloak. > I activated xoauth2 oauthbearer in dovecot. > But a problem occurs when dovecot tries to contact the keycloak server > (logs are below). > > My problem looks like this one: >

Hi, Can someone point out what I am doing wrong here? Background: I'm trying to make keycloak (saml) authenticate using kerberos, and I'm getting "client not found in kerberos database". Below are the steps I have taken. I'm using a domain member servers machine account (server$) to add the SPN, since keycloak is running on that member server. (for the record: the

?Hi Team, Environment:? Samba 4.20.4 AD-DC on bookworm. I am trying to setup password change for users as self-service in the account-console in Keycloak (25.0.4 on Bookworm). I have setup Keycloak user federation with writable (Active Directory) LDAP and Kerberos and without synchronization (so there are no local Keycloak actions, everything goes directly to Samba). I have tested the

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when tht checkbox is set. ("bad username or password") RedHat

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

thanks, I believe I will need to do an Adfs for this kind of authentication. I found nothing in documented about federation service, is it possible to do samba? Thiago Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org> escreveu: > On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba > wrote: > > Hello everyone, > > I received a

Hello everyone, I received a somewhat strange and complicated demand today. The idea of the manager is to use samba as a domain server but the directory tree (authentication and authorization of users) is on an external SAML server using keycloak. The samba will pass only GPO. Is this possible? As far as I've seen samba works the version of Windows Active Directory as well, and I've

Hi, One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general.

Hi, One interesting thing in this release is the support for configuring OAUTH2 openid-configuration element. It would be nice if IMAP clients started supporting this feature to enable OAUTH2 for all IMAP servers, not just Gmail and a few others. This would allow all kinds of new authentication methods for IMAP and improve the authentication security in general.

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH