View Issue Details

IDProjectCategoryView StatusLast Update
0002237SOGoBackend Calendarpublic2013-06-19 21:37
Reporterwimmer Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.0.4b 
Target Version2.0.6Fixed in Version2.0.6 
Summary0002237: Public Access while using SOGoTrustProxyAuthentication
Description

I use WebAuth authentication for WebGUI and Kerberos auth for CalDAV access.

When I'm using:
sogod SOGoTrustProxyAuthentication YES
sogod SOGoEnablePublicAccess YES

outside users have no access to calendars available via "Public Access".
SOGo gives "Unauthorized" and provides this log:
localhost - - [07/Feb/2013:18:21:44 GMT] "GET /SOGo/dav/public/wimmer/Calendar/personal.ics HTTP/1.1" 403 12/0 0.001 - - 12K

When I'm using SOGoEnablePublicAccess only:
sogod SOGoEnablePublicAccess YES
"Public Access" https://server/SOGo/dav/public/wimmer/Calendar/personal.ics works fine.

TagsNo tags attached.

Activities

ludovic

ludovic

2013-04-05 17:56

administrator   ~0005485

You mean, when you set:

SOGoTrustProxyAuthentication = NO
SOGoEnablePublicAccess = YES

it works?

wimmer

wimmer

2013-04-05 18:39

reporter   ~0005489

Yes.
I have another system with this traditional setting and it works there.
I tried it just now (for all cases ;-)

ludovic

ludovic

2013-06-19 19:47

administrator   ~0005669

Fix pushed: https://github.com/inverse-inc/sogo/commit/1734b387a353cab21b1f768791af8983e9f9ec98

Test it buddy!

wimmer

wimmer

2013-06-19 21:09

reporter   ~0005671

I used current git tree of both sogo and sope and I installed them on my testing machine now.
I use: sogod SOGoTrustProxyAuthentication YES

but sogo gives me it's own "Login page" as I would not use proxy-side authentication. 2.0.5 works correctly in this aspect with the same configuration.
So I cannot test Public Access now...

ludovic

ludovic

2013-06-19 21:12

administrator   ~0005672

Instead of:

  • (NSString ) checkCredentialsInContext: (WOContext ) context
    {
    NSString *remoteUser;

    if ([[SOGoSystemDefaults sharedSystemDefaults] trustProxyAuthentication])
    {
    remoteUser = @"anonymous";
    }
    else
    {
    / If such a header is not provided by the proxy, SOPE will attempt to
    deduce it from the "Authorization" header.
    /
    remoteUser = [[context request] headerForKey: @"x-webobjects-remote-user"];
    }

    return remoteUser;
    }

in SOGoProxyAuthentication.m, try:

  • (NSString ) checkCredentialsInContext: (WOContext ) context
    {
    NSString *remoteUser;

    / If such a header is not provided by the proxy, SOPE will attempt to
    deduce it from the "Authorization" header.
    /
    remoteUser = [[context request] headerForKey: @"x-webobjects-remote-user"];

    if ([remoteUser length] == 0 && [[SOGoSystemDefaults sharedSystemDefaults] trustProxyAuthentication])
    {
    remoteUser = @"anonymous";
    }

    return remoteUser;
    }

wimmer

wimmer

2013-06-19 21:31

reporter   ~0005673

Yes, now work them both - proxy-side authentication and Public Access.

Thank you Sir.

ludovic

ludovic

2013-06-19 21:37

administrator   ~0005674

Updated patch: https://github.com/inverse-inc/sogo/commit/c08263d1c3d6444616f51643c409a4e2d7c02593

Issue History

Date Modified Username Field Change
2013-02-07 19:56 wimmer New Issue
2013-02-08 16:15 francis Target Version => 2.0.5
2013-04-05 17:56 ludovic Note Added: 0005485
2013-04-05 18:39 wimmer Note Added: 0005489
2013-04-11 19:48 ludovic Target Version 2.0.5 => soon
2013-05-24 11:20 ludovic Target Version soon => 2.0.6
2013-06-03 14:48 ludovic Status new => assigned
2013-06-03 14:48 ludovic Assigned To => ludovic
2013-06-19 19:47 ludovic Note Added: 0005669
2013-06-19 19:47 ludovic Status assigned => closed
2013-06-19 19:47 ludovic Resolution open => fixed
2013-06-19 19:47 ludovic Fixed in Version => 2.0.6
2013-06-19 21:09 wimmer Note Added: 0005671
2013-06-19 21:09 wimmer Status closed => feedback
2013-06-19 21:09 wimmer Resolution fixed => reopened
2013-06-19 21:12 ludovic Note Added: 0005672
2013-06-19 21:31 wimmer Note Added: 0005673
2013-06-19 21:37 ludovic Note Added: 0005674
2013-06-19 21:37 ludovic Status feedback => closed
2013-06-19 21:37 ludovic Resolution reopened => fixed