[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Inf-IT DAVcl] carddavmate xml login not working


When I set crossdomain to null I get:
Info: [globalNetworkCheckSettings:
'https://kalender.myserver.de/carddavmate/auth/'] crossDomain set to:
'false' in "firebug".

In both cases I get a XML as described before.

The certificate is known by the browser, when I try to open

https://kalender.myserver.de/caldav.php/tuser it just ask for username/
passwd.

I have search for GlobalLoginUsername and this also set, when I XML.

Regards,
basti

On 19.07.2013 12:56, Ján Máté wrote:
> Hi,
> 
> On Jul 19, 2013, at 12:15 PM, basti <mailinglist@xxxxxxxxxxxxxxxx> wrote:
> 
>> Hello,
>>
>> we try to use Carddavmate with XML-auth to implement this in owr own
>> software.
>> At the moment we have the following config:
>>
>> Davical Server: https://kalender.myserver.de/caldav.php
>> Carddavmate:    https://kalender.myserver.de/carddavmate/
>>
>> config.js
>>
>> var globalNetworkCheckSettings={href:
>> location.protocol+'//'+location.hostname+(location.port ?
>> ':'+location.port:
>> '')+location.pathname.replace(RegExp('/+[^/]+/*(index\.html)?$'),'')+'/carddavmate/auth/',
>> crossDomain: true, withCredentials: false, syncInterval: 0, timeOut:
>> 30000, additionalResources: ['nx4group'], delegation: true};
> 
> why "crossDomain: true"? ... both DAViCal server and also CardDavMATE use the same 
> origin (protocol, host, port) "https://kalender.myserver.de"; => your setup is NOT cross-domain
> 
>> /auth/config.inc
>>
>> <?php
>>    // auth method: generic (auth/plugins/generic_conf.inc) or ldap
>> (auth/plugins/ldap_conf.inc)
>>    $config['auth_method']='generic';
>>
>>    // set to true for debugging XML response, otherwise set to false to
>> avoid browser
>>    //  to show http authentication window after unsuccessful authentication
>>    $config['auth_send_authenticate_header']=false;
>>
>>    // successfull authentication XML specification (change the
>> "http://www.server.com:80"; to your protocol/server/port)
>>    $config['accounts']=array('resources'=>array());
>>
>>    // note: if you want to use regex values, then use one of the
>> following formats (the second example is with regex modifier):
>> 're:.*someregex.*[0-9]$' or 're|i:.*someregex.*[0-9]$'
>>    $config['accounts']['resources'][]=array(
>>        'resource'=>array(
>>            'type'=>array('addressbook'=>''),
>>
>> 'href'=>'https://kalender.myserver.de/caldav.php/'.$_SERVER['PHP_AUTH_USER'].'/',
>>            'hreflabel'=>'',        // if undefined or empty href value
>> is used (see above)
>>            'crossdomain'=>'true',        // set to true for different
>> protocol/server/port origin (default is null = autodetect)
>>            'forcereadonly'=>'null',    // see
>> auth/doc/example_config_response.xml for proper use, for example:
>> 'forcereadonly'=>array(array('collection'=>'/caldav.php/user/collection/'),
>> array('collection'=>'re:^/caldav.php/user/collection[0-9]/$')),
>>            'withcredentials'=>'false',    // for experts only (note: if
>> true, Access-Control-Allow-Origin "*" is not allowed)
>>            'showheader'=>'true',        // if undefined, empty or not
>> false header is displayed
>>            'settingsaccount'=>'true',    // client properties are saved
>> here (note: set it to true only for ONE account)
>>            'checkcontenttype'=>'true',    // check content-type in the
>> server response (if you cannot see data in the interface /buggy server
>> response/ you may try to disable it)
>>            'delegation'=>'true',        // see
>> auth/doc/example_config_response.xml for proper use, for example:
>> 'delegation'=>array(array('resource'=>'/caldav.php/user%40domain.com/'),
>> array('resource'=>'re|i:^/caldav.php/a[b-x].+/$')),
>>            'userauth'=>array(
>>                'username'=>$_SERVER['PHP_AUTH_USER'],
>>                'password'=>$_SERVER['PHP_AUTH_PW']
>>            ),
>>            'syncinterval'=>60000,
>>            'timeout'=>30000,
>>            'locktimeout'=>10000
>>        )
>>    );
>> ?>
>>
>> auth/generic.conf
>>
>> <?php
>>    // Server base URL
>>    $pluginconfig['base_url']='https://kalender.myserver.de';
>>
>>    // Default values are usually OK
>>    //  for Davical:
>>    $pluginconfig['request']='/caldav.php';    // change only if your
>> Davical is not installed into server root directory
>>    //  for Lion server:
>>    //$pluginconfig['request']='/principals/users';
>>
>>    $pluginconfig['timeout']=30;
>> ?>
>>
>> the xml (header) looks like:
>>
>> <resources xmlns="urn:com.inf-it:configuration">
>> <resource>
>> <type>
>> <addressbook></addressbook>
>> </type>
>> <href>https://kalender.myserver.de/caldav.php/tuser/</href>
>> <hreflabel></hreflabel>
>> <crossdomain>true</crossdomain>
>> <forcereadonly>null</forcereadonly>
>> <withcredentials>false</withcredentials>
>> <showheader>true</showheader>
>> <settingsaccount>true</settingsaccount>
>> <checkcontenttype>true</checkcontenttype>
>> <delegation>true</delegation>
>> <userauth>
>> <username>tuser</username>
>> <password>123456</password>
>> </userauth>
>> <syncinterval>60000</syncinterval>
>> <timeout>30000</timeout>
>> <locktimeout>10000</locktimeout>
>> </resource>
>> </resources>
> 
> the same problem (<crossdomain>true</crossdomain>) ... why you not
> use the default (null = autodetect)?
> 
>> But we cant login, the is always the login-screen shown
>>
>> auth/index.php
>>
>> <?php
>>    require_once('config.inc');
>>    require_once('common.inc');
>>    require_once('cross_domain.inc');
>>    require_once('plugins/'.$config['auth_method'].'.inc');    //
>> configured module - it defines the 'MODULE_authenticate()' function
>>
>>    if(call_user_func($config['auth_method'].'_authenticate')!==1)
>>    {
>>        // HTTP authentication (exit if unsuccessfull)
>>        if($config['auth_send_authenticate_header'])
>>            header('WWW-Authenticate: Basic realm="Inf-IT Auth Module"');
>>        header('HTTP/1.0 401 Unauthorized');
>> echo <<<HTML
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <html>
>>    <head>
>>    <title>401 Authorization Required</title>
>>    </head>
>>    <body>
>>    <h1>Authorization Required</h1>
>>    <p>This server could not verify that you are authorized to access
>> the document requested. Either you supplied the wrong credentials (e.g.,
>> bad password), or your browser doesn't understand how to supply the
>> credentials required.</p>
>>    </body>
>> </html>
>> HTML;
>>        exit(0);
>>    }
>>    else
>>    {
>> /* debug output */
>> exit ("here we are but login screen is still shown");
>>        header('Content-type: text/xml; charset="utf-8"');
>>        echo array_to_xml($config['accounts']);
>>
>>    }
>> ?>
> 
> So looks like you get the XML response from the auth module (you can test it
> by opening directly the /auth/ URL and entering your credentials) ... if the client
> gets the configuration XML then the auth module is working correctly.
> 
> Usually the problem is related to your server certificate. Are you sure that your 
> server certificate is trusted by your browser? ... if you visit a HTTPS server with 
> invalid certificate your browser will ask to add exception, but JavaScript cannot 
> ask for exception - it will simply refuse to connect.
> 
> Try to open the principal URL directly in your browser and if it will ask you for exception
> then this is the problem.
> 
> 
> JM
> 

Follow-Ups:
Re: [Inf-IT DAVcl] carddavmate xml login not workingbasti <mailinglist@xxxxxxxxxxxxxxxx>
References:
[Inf-IT DAVcl] carddavmate xml login not workingbasti <mailinglist@xxxxxxxxxxxxxxxx>
Re: [Inf-IT DAVcl] carddavmate xml login not workingJán Máté <jan.mate@xxxxxxxxxx>