Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply concatenate tokeninfo_url and token, so you need to provide the URL in that fashion.

Aki

Thanks Aki.

Still no go:


Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host created
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host session created
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Need to perform DNS lookup
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Performing asynchronous DNS lookup
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client: dns(auth.mydomain.com): Lookup started
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client: Connecting
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=506,uid=0): Client connected (fd=24)
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=506,uid=0): Sending version handshake
Nov 20 08:59:19 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo/token=eyJhbGci...redacted...TcwMDQ2NzE1OSwiYXV0aF...: Submitted (requests left=1)
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=506,uid=0): dns(auth.mydomain.com): Lookup successful after 4 msecs
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: DNS lookup successful; got 1 IPs
Nov 20 08:59:19 auth: Debug: http-client: peer 10.10.200.10:443 (shared): Peer created
Nov 20 08:59:19 auth: Debug: http-client: peer 10.10.200.10:443: Peer pool created
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Peer created
Nov 20 08:59:19 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Setting up connection to 10.10.200.10:443 (SSL=auth.mydomain.com) (1 requests pending)
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Linked queue https://auth.mydomain.com:443 (1 queues linked)
Nov 20 08:59:19 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Started new connection to 10.10.200.10:443 (SSL=auth.mydomain.com)
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=506,uid=0): Disconnected: Connection closed (fd=24)
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: conn unix:dns-client (pid=506,uid=0): Disconnect: deinit
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Making new connection 1 of 1 (0 connections exist, 0 pending)
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Connecting
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Waiting for connect (fd=24) to finish for max 0 msecs
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: HTTPS connection created (1 parallel connections exist)
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Client connection failed (fd=24)
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Connection failed (1 connections exist, 0 pending)
Nov 20 08:59:19 auth: Debug: http-client: peer 10.10.200.10:443: Failed to make connection (1 connections exist, 0 pending)
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Failed to establish any connection within our peer pool: connect(10.10.200.10:443) failed: Connection refused (1 connections exist, 0 pending)
Nov 20 08:59:19 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Failed to set up connection to 10.10.200.10:443 (SSL=auth.mydomain.com): connect(10.10.200.10:443) failed: Connection refused (1 peers pending, 1 requests pending)
Nov 20 08:59:19 auth: Debug: http-client[1]: peer 10.10.200.10:443: Unlinked queue https://auth.mydomain.com:443 (0 queues linked)
Nov 20 08:59:19 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Failed to set up any connection; failing all queued requests
Nov 20 08:59:19 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo/token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJaYTFXcXhxb0RULXBSc2o1WXZFdUJfLUxBVUtGNk5SeFFrUS1mNmdTUGs4In0.eyJleHAiOjE3MDA0Njc0NTksImlhdCI6MTcwMDQ2NzE1OSwiYXV0aF...: Error: 9003 connect(10.10.200.10:443) failed: Connection refused
Nov 20 08:59:19 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Dropping request [Req1: GET https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo/token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJaYTFXcXhxb0RULXBSc2o1WXZFdUJfLUxBVUtGNk5SeFFrUS1mNmdTUGs4In0.eyJleHAiOjE3MDA0Njc0NTksImlhdCI6MTcwM...redacted...IsImVtYWlsIjoiZnJhbmNpc0BtZWQtbG8uZXUifQ.SwvJ3PafIk_XN7qJ8Dp-yXY1spoYpB36yonC4MNv1uin-BvZME7ZFu2i8uaCfMGW70rVhBOT4NEzBT7cs5LgPWgsk3irlWByOr1tTrLRcX7MNAPdIc1tMyqMNUKwrDLZMOf5tnj63KIc-0v9c8ppVY3Z06nV0JOhg_ZlhHD9Z6EOwVsWM1-tQRaXdlPlF4_BcW7bz5AKa3uH_Z6hYkV3hphhsHb5aMy4WTgUT_r6xxk_2_07HQZU8Y2hcXd1KAXD0LvK2OvzTrJZdSwabWFZYiA6-daapYMnSMS_wJryqN444DeSn9BV3A_4NxbdWTJoCDvGKohSuC5Qlaw5n7BgDw]
Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host is idle (timeout = 1799998 msecs)
Nov 20 08:59:19 auth: Error: oauth2(fran...@mydomain.com,10.10.40.30,<4Gv83JAKyOcKCige>): oauth2 failed: Token validation failed: connect(10.10.200.10:443) failed: Connection refused
Nov 20 08:59:19 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo/token=eyJhbGciOiJS...redacted..CI6MTcwMDQ2NzE1OSwiYXV0aF...: Destroy (requests left=1)
Nov 20 08:59:19 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo/token=eyJhbGciOiJSUzI1Ni...redacted...c0NTksImlhdCI6MTcwMDQ2NzE1OSwiYXV0aF...: Free (requests left=0)
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Connection close
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Connection disconnect
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Disconnected: connect() failed: Connection refused (fd=24)
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Detached peer
Nov 20 08:59:19 auth: Debug: http-client: conn 10.10.200.10:443 [1]: Connection destroy
Nov 20 08:59:21 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=<fran...@mydomain.com>, method=XOAUTH2, rip=10.10.40.30, lip=172.18.0.10, TLS, session=<4Gv83JAKyOcKCige>
Nov 20 08:59:35 auth: Debug: http-client[1]: peer 10.10.200.10:443: Peer close
Nov 20 08:59:35 auth: Debug: http-client[1]: peer 10.10.200.10:443: Peer disconnect
Nov 20 08:59:35 auth: Debug: http-client[1]: peer 10.10.200.10:443: Peer destroy
Nov 20 08:59:35 auth: Debug: http-client: peer 10.10.200.10:443: Peer pool destroy
Nov 20 08:59:35 auth: Debug: http-client: peer 10.10.200.10:443 (shared): Peer destroy
Nov 20 08:59:35 auth: Debug: http-client: host auth.mydomain.com: Host session destroy
Nov 20 08:59:35 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Destroy
Nov 20 08:59:35 auth: Debug: http-client: host auth.mydomain.com: Host destroy


_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
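
Added example (not part of the original thread and not Dovecot project code): a small Python triage for auth debug lines like the ones above. It assumes the behaviour Aki describes, that the token is appended directly to tokeninfo_url, and reports whether the logged URL prefix puts the token in a query string, which connect() errors occurred, and a redacted copy of each line for sharing. The sample lines, host names, addresses and helper names are constructed for illustration.

```python
import re

# Constructed lines modelled on Dovecot auth debug output; hosts, IPs and tokens are fake.
BASE = "https://auth.example.test/realms/r/protocol/openid-connect/userinfo"
SAMPLE = [
    "Nov 20 08:59:19 auth: Debug: http-client[1]: request [Req1: GET " + BASE
    + "/token=eyJhbGciOi.eyJleHAiOjE.c2ln...: Submitted (requests left=1)",
    "Nov 20 08:59:19 auth: Debug: http-client[1]: peer 192.0.2.10:443: Failed to "
    "establish any connection within our peer pool: connect(192.0.2.10:443) failed: "
    "Connection refused (1 connections exist, 0 pending)",
    "Nov 20 08:59:19 auth: Error: oauth2(user@example.test,198.51.100.7,<abc>): oauth2 "
    "failed: Token validation failed: connect(192.0.2.10:443) failed: Connection refused",
]

JWT = re.compile(r"eyJ[\w-]+(?:\.[\w-]+)*(?:\.{3})?")       # token, incl. log truncation dots
REQ = re.compile(r"request \[Req\d+: GET (\S+?)eyJ")        # URL text preceding the token
CONNECT = re.compile(r"connect\((\S+?)\) failed: ([^(\n]+?)\s*(?:\(|$)")

def redact(line):
    """Replace anything shaped like a JWT so the line can be posted publicly."""
    return JWT.sub("<redacted-jwt>", line)

def token_lands_in_query(prefix):
    """With plain concatenation the token is a query value only if the
    configured prefix already contains '?' and ends with 'name='."""
    return "?" in prefix and prefix.endswith("=")

def triage(lines):
    """Collect URL prefixes and transport errors from auth debug lines."""
    prefixes, connect_errors = set(), set()
    for line in lines:
        m = REQ.search(line)
        if m:
            prefixes.add(m.group(1))
        m = CONNECT.search(line)
        if m:
            connect_errors.add((m.group(1), m.group(2)))
    return {
        "bad_prefixes": {p for p in prefixes if not token_lands_in_query(p)},
        "connect_errors": connect_errors,
    }

if __name__ == "__main__":
    report = triage(SAMPLE)
    for prefix in sorted(report["bad_prefixes"]):
        print("token is not a query parameter after prefix:", prefix)
    for peer, reason in sorted(report["connect_errors"]):
        print("transport failure before any HTTP exchange:", peer, reason)
    for line in SAMPLE:
        print(redact(line))
```

A connect() error means the request never reached the identity provider, so it has to be cleared before the URL form can be judged from the provider's response.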
