> On 20/11/2023 09:29 EET Francis Augusto Medeiros-Logeay via dovecot <dovecot@dovecot.org> wrote:
>
> Hi,
>
> I successfully configured Roundcube to use keycloak for oauth2.
>
> However, I am having trouble making it work with dovecot. My configuration is this:
>
> cat dovecot-oauth2.conf.ext
> tokeninfo_url = https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo
> introspection_url = https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/token/introspect
> introspection_mode = post
> username_attribute = postfixMailAddress
> debug = yes
> scope = openid Roundcube_email
>
> This is what I am getting from the logs:
>
> Nov 20 08:20:30 auth: Error: ldap(fran...@mydomain.com,10.10.40.30,<yskzUpAKb9EKCige>): ldap_bind() failed: Constraint violation
> Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Host created
> Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Host session created
> Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: IPs have expired; need to refresh DNS lookup
> Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com:
> ...
>
> My dovecot version is 2.3.7.2 (3c910f64b).
>
> I find it odd that it is sending the token as a parameter, when I chose “post” as the introspection mode. But I don’t know if that is the problem.
>
> best,
>
> Francis
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org

Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply concatenate tokeninfo_url and token, so you need to provide the URL in that fashion.

Aki