Looks like I had cgid_module and suexec_module on 20.05 enabled in
addition to what you have, but disabling them did not help.
--Ere
Tomas Cohen Arazi kirjoitti 26.5.2021 klo 15.20:
So maybe it is a side effect of using some authentication module in Apache?
This is from a 20.05 setup, that I know OAuth2 is being used by a vendor:
$ sudo apache2ctl -D DUMP_MODULES
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
expires_module (shared)
filter_module (shared)
headers_module (shared)
mime_module (shared)
mpm_itk_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
proxy_module (shared)
proxy_http_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
El mié, 26 may 2021 a las 3:28, Ere Maijala (<ere.maij...@helsinki.fi
<mailto:ere.maij...@helsinki.fi>>) escribió:
Do you mean OAuth2 is working for you without anything special in
Apache
config? I've not been that fortunate yet, though it might depend on
whether authentication plugins are enabled in Apache.
--Ere
Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15:
> I wonder why it is working out of the box, and not for you. Is
there any
> special apache config you're using?
>
> If not, then this is something we should patch in the Koha
packages for
> everyone.
>
> Kind regards
>
> El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan
<aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>
> <mailto:aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>>>
escribió:
>
> Thank you so much guys,
>
> Was a bit busy the past couple of days and could'nt work on
it. But I
> followed the documentation mentioned by Ere and it worked!
>
> SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
>
>
> If anyone else faces this issue, you should add this command
under
> <VirtualHost> </VirtualHost> Tag .
>
> Thanks,
> Aswin
>
> On Wed, 19 May 2021 at 14:20, Ere Maijala
<ere.maij...@helsinki.fi <mailto:ere.maij...@helsinki.fi>
> <mailto:ere.maij...@helsinki.fi
<mailto:ere.maij...@helsinki.fi>>> wrote:
>
> > My documented steps to make sure OAuth2 is working are here:
> >
> >
> >
>
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
<https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20>
>
<https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20>>
> >
> > This may be useful for you. I suppose it would make sense
to document
> > this properly in Koha wiki as well, I just haven't had time...
> >
> > Best,
> > Ere
> >
> > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53:
> > > Thanks for pointing that out Stephen, I will have to
look into
> that, it
> > > might be the issue here.
> > >
> > > Tomas, I am not exactly sure if we have plack running or
not.
> Plack
> > seems
> > > to be enabled, but plack logs are all empty. the logs
are all at
> > > intranet-error.log and opac-error.log
> > >
> > > I will try out the apache CGIPass method as Stephen
suggested
> and get
> > back
> > > if it works.
> > >
> > > Thanks,
> > > Aswin
> > >
> > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi
> <tomasco...@gmail.com <mailto:tomasco...@gmail.com>
<mailto:tomasco...@gmail.com <mailto:tomasco...@gmail.com>>>
> > > wrote:
> > >
> > >> Are you running Plack?
> > >>
> > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (<
> > >> aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>
<mailto:aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>>>)
escribió:
> > >>
> > >>> Thanks Stephen, Tomas for the quick response.
> > >>>
> > >>> Aswin - are you using the correct URL to call your custom
> endpoint. It
> > >>>> should be under the contrib namespace e.g.
> > >>>>
> > >>>
> > >>> The app i am making is not part of koha, its a
seperate web
> app which
> > >>> makes calls to /api/v1/ end points of the koha server.
> > >>>
> > >>> Does the user (owner of the id/secret pair) have
privileged
> access to
> > >>>> Koha? Remember it needs to have permissions to enter
the staff
> > interface
> > >>>> (the 'catalogue' permission) in order to access routes
> (other than
> > those in
> > >>>> the /api/v1/public namespace).
> > >>>>
> > >>> Yes, the user has permission set to access all librarian
> functions, I
> > >>> also tried accessing the api end point via browser after
> logging in to
> > the
> > >>> staff portal with this user, and im getting the
correct response.
> > >>>
> > >>> Im also not able to access api/v1/.html from the
browser, it
> gives a
> > 403
> > >>> Error page. I checked the error logs and found this
> > >>>
> > >>> [authz_core:error] [pid 25846] AH01630: client denied
by server
> > >>>> configuration: /usr/share/koha/api/v1/.html
> > >>>>
> > >>>
> > >>>
> > >>> Is there any logging systems in place which could give
more info
> > >>> regarding the authorization failure error? or any idea
whats
> wrong?
> > >>>
> > >>> Thanks,
> > >>> Aswin
> > >>>
> > >>>
> > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi
> <tomasco...@gmail.com <mailto:tomasco...@gmail.com>
<mailto:tomasco...@gmail.com <mailto:tomasco...@gmail.com>>>
> > >>> wrote:
> > >>>
> > >>>> Does the user (owner of the id/secret pair) have
privileged
> access to
> > >>>> Koha? Remember it needs to have permissions to enter
the staff
> > interface
> > >>>> (the 'catalogue' permission) in order to access routes
> (other than
> > those in
> > >>>> the /api/v1/public namespace).
> > >>>>
> > >>>> BTW: All routes also have some required permissions you
> should take a
> > >>>> look at. Specific ones.
> > >>>>
> > >>>> Kind regards
> > >>>>
> > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (<
> > >>>> aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>
<mailto:aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>>>)
escribió:
> > >>>>
> > >>>>> Hi,
> > >>>>>
> > >>>>> I wanted to build an app that uses the koha API, and
so i was
> > testing it
> > >>>>> out, but I keep getting "Authentication Failure" error
> whichever end
> > >>>>> point
> > >>>>> I try to access.
> > >>>>> The steps i did are
> > >>>>>
> > >>>>> 1. Got the client_id / secret from koha
> > >>>>> 2. Sent a POST request to api/v1/oauth/token with
required
> parameters
> > >>>>> and
> > >>>>> got an "access_token" returned
> > >>>>> 3. Added the token to my authorization header with
> header-prefix
> > >>>>> "Bearer"
> > >>>>> 4. Sent a GET request to different end points, but
getting
> the same
> > 401
> > >>>>> Unauthorized error code with error : Authentication
failure
> > >>>>>
> > >>>>> However if i access one of the public end points like
> > >>>>> /api/v1/biblios/{biblio_id} i can get a response
> > >>>>>
> > >>>>> If anyone has any idea why this is happening,
please let
> me know.
> > >>>>>
> > >>>>> Thanks in advance,
> > >>>>> Aswin
> > >>>>> _______________________________________________
> > >>>>>
> > >>>>> Koha mailing list http://koha-community.org
<http://koha-community.org>
> <http://koha-community.org <http://koha-community.org>>
> > >>>>> Koha@lists.katipo.co.nz
<mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz
<mailto:Koha@lists.katipo.co.nz>>
> > >>>>> Unsubscribe:
> https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>
> <https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Tomás Cohen Arazi
> > >>>> Theke Solutions (http://theke.io <http://theke.io>
<http://theke.io <http://theke.io>>)
> > >>>> ✆ +54 9351 3513384
> > >>>> GPG: B2F3C15F
> > >>>>
> > >>>
> > >>
> > >> --
> > >> Tomás Cohen Arazi
> > >> Theke Solutions (http://theke.io <http://theke.io>
<http://theke.io <http://theke.io>>)
> > >> ✆ +54 9351 3513384
> > >> GPG: B2F3C15F
> > >>
> > > _______________________________________________
> > >
> > > Koha mailing list http://koha-community.org
<http://koha-community.org>
> <http://koha-community.org <http://koha-community.org>>
> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>
<mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>>
> > > Unsubscribe:
https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>
> <https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>>
> > >
> >
> > --
> > Ere Maijala
> > Kansalliskirjasto / The National Library of Finland
> > _______________________________________________
> >
> > Koha mailing list http://koha-community.org
<http://koha-community.org>
> <http://koha-community.org <http://koha-community.org>>
> > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>
<mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>>
> > Unsubscribe:
https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>
> <https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>>
> >
> _______________________________________________
>
> Koha mailing list http://koha-community.org
<http://koha-community.org> <http://koha-community.org
<http://koha-community.org>>
> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>
<mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>>
> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>
> <https://lists.katipo.co.nz/mailman/listinfo/koha
<https://lists.katipo.co.nz/mailman/listinfo/koha>>
>
--
Ere Maijala
Kansalliskirjasto / The National Library of Finland
--
Tomás Cohen Arazi
Theke Solutions (http://theke.io <http://theke.io/>)
✆ +54 9351 3513384
GPG: B2F3C15F
--
Ere Maijala
Kansalliskirjasto / The National Library of Finland
_______________________________________________
Koha mailing list http://koha-community.org
Koha@lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
