Re: [auth] epoll_ctl(add, 13) failed: Operation not permitted (fd doesn't support epoll)

2023-11-20 Thread John Stoffel
Hi Alex, I don't know anything about SELinux, beyond that it's a pain to work with and causes all kinds of funky issues. Make sure you turn on verbose logging with SELinux so that you can see all that it's doing, but honestly, I cannot help you much more. John > just for completeness, her

Re: [EXT] Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Francis Augusto Medeiros-Logeay via dovecot
It seems that it works on the dovecot side. When Roundcube sends the token, I get the user authenticated via IMAP/oauth2 in dovecot. What worked for me was: - adding client_id and client_secret - removing the tokeninfo_url, using just the introspect_url and introspect_mode=token. Now gott

Re: [EXT] Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Francis Augusto Medeiros-Logeay via dovecot
--- Francis Augusto Medeiros-Logeay Oslo, Norway On 2023-11-20 09:04, Aki Tuomi wrote: On 20/11/2023 10:03 EET Francis Augusto Medeiros-Logeay wrote: > Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply > concatenate tokeninfo_url and token, so you need to provide the URL i

Re: [auth] epoll_ctl(add, 13) failed: Operation not permitted (fd doesn't support epoll)

2023-11-20 Thread Alexander Vogt via dovecot
Hi John, just for completeness, here are the additional policies to SELinux that I had enabled (prior to semanage permissive -a dovecot_auth_t): #= dovecot_auth_t == # This avc is allowed in the current policy allow dovecot_auth_t dovecot_t:tcp_socket { accept getat

Re: [EXT] Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Aki Tuomi via dovecot
> On 20/11/2023 10:03 EET Francis Augusto Medeiros-Logeay > wrote: > > > > Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply > > concatenate tokeninfo_url and token, so you need to provide the URL in > > that fashion. > > > > Aki > > Thanks Aki. > > Still no go: > > >

Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Francis Augusto Medeiros-Logeay via dovecot
Try adding /?token= to tokeninfo_url. Dovecot 2.3.7.2 will simply concatenate tokeninfo_url and token, so you need to provide the URL in that fashion. Aki Thanks Aki. Still no go: Nov 20 08:59:19 auth: Debug: http-client: host auth.mydomain.com: Host created Nov 20 08:59:19 auth: Debug

Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Urban Loesch via dovecot
Hi, I'm running dovecot with keycloak without problems since 1 month. >>Nov 20 08:20:30 auth: Error: oauth2(fran...@mydomain.com,10.10.40.30,): oauth2 failed: connect(10.10.100.10:443) failed: Connection refused It seem's that your keycloak is not responding to connection requests on port 443

Re: dovecot and oauth2 (with keycloak) not working

2023-11-20 Thread Aki Tuomi via dovecot
> On 20/11/2023 09:29 EET Francis Augusto Medeiros-Logeay via dovecot > wrote: > > > Hi, > > I successfully configured Roundcube to use keycloak for oauth2. > > However, I am having trouble to make it work with dovecot. My configuration > is this: > > cat dovecot-oauth2.conf.ext > tokenin