> On 04/10/2023 16:02 EEST Christian Rößner <li...@mlserv.org> wrote:
>
>
> Hi,
>
> > On 04.10.2023 at 14:31, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> >
> >>
> >> On 04/10/2023 15:13 EEST Christian Rößner via dovecot
> >> <dovecot@dovecot.org> wrote:
> >>
> >>
> >> Hi,
> >>
> >>> On 04.10.2023 at 12:56, Arjen de Korte
> >>> <build+dove...@de-korte.org> wrote:
> >>>
> >>> Quoting Christian Rößner via dovecot <dovecot@dovecot.org>:
> >>>
> >>>> Hi,
> >>>>
> >>>> I use Roundcube with OIDC. Everything works fine in Dovecot 2.3.20, but
> >>>> broke in 2.3.21. Downgrading to 2.3.20 makes it work again, so it is
> >>>> introduced in the newer release.
> >>>>
> >>>> Error (2.3.21):
> >>>> ```
> >>>> Oct 4 11:03:57 mx dovecot[558531]: imap-login: Disconnected: Connection
> >>>> closed (client didn't finish SASL auth, waited 1 secs):
> >>>> user=<christian@roessner.email>, orig_user=<christian@roessner.email>,
> >>>> method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, TLS, TLSv1.3 with
> >>>> cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
> >>>> ```
> >>>>
> >>>> Here is an example with 2.3.20:
> >>>>
> >>>> Success (2.3.20):
> >>>> ```
> >>>> Oct 4 11:17:21 mx dovecot[889914]: imap-login: Login:
> >>>> user=<christian@roessner.email>, orig_user=<christian@roessner.email>,
> >>>> method=XOAUTH2, rip=192.168.0.4, lip=192.168.0.2, mpid=891874, TLS,
> >>>> TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
> >>>> ```
> >>>
> >>> Searching the archives might give a lead to what's going on (and a
> >>> possible workaround):
> >>>
> >>> https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/RR2GXLOAS6U3MZCQCA4T4S6QXCRV5GST
> >>
> >> I get a different error from RC:
> >>
> >> ```
> >> Oct 04 12:08:48 node1 8868c38d7990[158494]: errors: <48ea0f68> IMAP Error:
> >> Login failed for christian@roessner.email against mail.roessner-net.de
> >> from 192.168.32.1 (X-Real-IP:
> >> 2003:a:a05:a600:858:7851:547f:8aed,X-Forwarded-For:
> >> 2003:a:a05:a600:858:7851:547f:8aed). AUTHENTICATE XOAUTH2: A0001 NO
> >> [AUTHENTICATIONFAILED] Authentication failed. in
> >> /var/www/html/program/lib/Roundcube/rcube_imap.php on line 211 (GET
> >> /index.php/login/oauth?code=ory_ac_L5_NrO7EjgIccmV-_Tq1Y1_vls6i9NS8lbO7mHYwVeQ.maAkpsqdG95hkLutiDi4aB2KDPvj_pQ65qD-tuY9zBI&scope=openid+offline_access+profile+email+dovecot&state=J3WpRsBcOrnw)
> >> ```
> >>
> >> And changing the introspection_url parameter did not change anything.
> >>
> >> Thanks in advance
> >>
> >> Christian Rößner
> >> --
> >
> > Can you provide auth_debug=yes logs?
>
> Turning on debug showed the problem:
>
> ```
> Oct 4 14:50:31 mx dovecot[1302421]: auth: Debug:
> oauth2(christian@roessner.email,192.168.0.4,<3kfgc+MGeuXAqAAE>): oauth2
> active_attribute "active" is not present in the oauth2 server's response
> ```
>
> In earlier configuration tests I had an 'active' claim. Dovecot prior to 2.3.21
> seems to have ignored a missing field, while newer versions expect it to be
> present if configured.
>
> Thanks.
>
> Christian Rößner
> --

Yes, this was a bug that was fixed, that the active attribute is now actually checked.

Aki
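
The check discussed in this thread, as an added example (not Dovecot's code and not written by any poster): a Python sketch that tests an identity provider's response against the configured `active_attribute` before upgrading. The sample settings and responses are constructed, and the `strict` switch and the boolean-to-text comparison are assumptions that model the before and after behaviour described above.

```python
import json

# Constructed sample of passdb oauth2 settings; only the active_* keys matter here.
SAMPLE_CONF = """\
# dovecot-oauth2.conf.ext (constructed sample)
username_attribute = email
active_attribute = active
active_value = true
"""

# Constructed sample responses from the token validation endpoint.
RESP_ACTIVE = '{"active": true, "email": "user@example.org"}'
RESP_MISSING = '{"email": "user@example.org", "scope": "openid"}'
RESP_INACTIVE = '{"active": false, "email": "user@example.org"}'

def parse_conf(text):
    """Parse simple 'key = value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def field_as_text(value):
    """Assumption: JSON booleans are compared to active_value as 'true'/'false'."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)

def check_active(settings, response_json, strict=True):
    """Return (ok, reason). strict=True models 2.3.21 as described in the thread;
    strict=False models the earlier behaviour of ignoring a missing field."""
    attr = settings.get("active_attribute", "")
    if not attr:
        return True, "active_attribute not configured, nothing to check"
    fields = json.loads(response_json)
    if attr not in fields:
        if strict:
            return False, f"active_attribute \"{attr}\" is not present in the oauth2 server's response"
        return True, f"\"{attr}\" missing but ignored"
    expected = settings.get("active_value", "")
    actual = field_as_text(fields[attr])
    if expected and actual != expected:
        return False, f"\"{attr}\" is {actual!r}, expected {expected!r}"
    return True, f"\"{attr}\" present and accepted"

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for name, resp in [("active", RESP_ACTIVE), ("missing", RESP_MISSING), ("inactive", RESP_INACTIVE)]:
        print(name, check_active(conf, resp), check_active(conf, resp, strict=False))
```

Feeding it the JSON your own provider returns for a valid token shows whether a configured `active_attribute` would be satisfied, or whether the setting should be removed or the claim added on the provider side.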