[horde] ActiveSync not authenticating - 401 Unauthorized

OnkelM onkelm08 at gmail.com
Tue Jun 9 19:05:00 UTC 2015


2015-06-09 18:40 GMT+02:00 Michael J Rubinsky <mrubinsk at horde.org>:

>
> Quoting OnkelM <onkelm08 at gmail.com>:
>
>  2015-06-08 22:34 GMT+02:00 Michael J Rubinsky <mrubinsk at horde.org>:
>>
>>
>>> Quoting OnkelM <onkelm08 at gmail.com>:
>>>
>>>  Am 08.06.2015 9:45 nachm. schrieb "Michael J Rubinsky" <
>>>
>>>> mrubinsk at horde.org>:
>>>>
>>>>
>>>>>
>>>>> Quoting OnkelM <onkelm08 at gmail.com>:
>>>>>
>>>>>  2015-06-08 21:19 GMT+02:00 Michael J Rubinsky <mrubinsk at horde.org>:
>>>>>
>>>>>>
>>>>>>
>>>>>>  Quoting OnkelM <onkelm08 at gmail.com>:
>>>>>>>
>>>>>>>  Hi Michael,
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> here is my config:
>>>>>>>>
>>>>>>>>  $conf['auth']['params']['app'] = 'imp';
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  $conf['activesync']['auth']['type'] = 'basic';
>>>>>>>>
>>>>>>>> $conf['activesync']['autodiscovery'] = 'full';
>>>>>>>>
>>>>>>>>
>>>>>>>>  Does your auth backend require full email addresses as usernames?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  $conf['activesync']['enabled'] = true;
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> i am not using auth hooks, only the default settings
>>>>>>>>
>>>>>>>> so... where should i start to track it down? how?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Gruß
>>>>>>>>
>>>>>>>> 2015-06-08 20:39 GMT+02:00 Michael J Rubinsky <mrubinsk at horde.org>:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Quoting OnkelM <onkelm08 at gmail.com>:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Hello,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  how is this happening? I made the following test request:
>>>>>>>>>>
>>>>>>>>>> POST https://horde-host/Microsoft-Server-ActiveSync
>>>>>>>>>>
>>>>>>>>>>  ?DeviceType=WP8&Cmd=Provision&DeviceId=12345678901
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> HEADERS
>>>>>>>>>>>
>>>>>>>>>>> *Accept:* */*
>>>>>>>>>>>
>>>>>>>>>>> *Accept-Encoding:* gzip, deflate
>>>>>>>>>>>
>>>>>>>>>>> *Accept-Language:* de
>>>>>>>>>>>
>>>>>>>>>>> *Authorization:* Basic
>>>>>>>>>>> YWRtaW5Ab25rZWxtLmNvbTpCZDMwMDQ4NCM5NjQ0MA==
>>>>>>>>>>>
>>>>>>>>>>> *Cache-Control:* no-cache
>>>>>>>>>>>
>>>>>>>>>>> *Connection:* Keep-Alive
>>>>>>>>>>>
>>>>>>>>>>> *Content-Length:* 600
>>>>>>>>>>>
>>>>>>>>>>> *Content-Type:* application/vnd.ms-sync.wbxml
>>>>>>>>>>>
>>>>>>>>>>> *Host:* horde-host
>>>>>>>>>>>
>>>>>>>>>>> *Ms-Asprotocolversion:* 14.0
>>>>>>>>>>>
>>>>>>>>>>> *User-Agent:* runscope/0.1,ASOM
>>>>>>>>>>>
>>>>>>>>>>> *X-Ms-Policykey:* 0
>>>>>>>>>>> QUERYSTRING
>>>>>>>>>>>
>>>>>>>>>>> *Cmd:* Provision
>>>>>>>>>>>
>>>>>>>>>>> *DeviceId:* 12345678901
>>>>>>>>>>>
>>>>>>>>>>> *DeviceType:* WP8
>>>>>>>>>>> BODY
>>>>>>>>>>>
>>>>>>>>>>> <?xml version="1.0" encoding="utf-8" ?><Provision
>>>>>>>>>>>   xmlns="Provision:">
>>>>>>>>>>>   <DeviceInformation
>>>>>>>>>>>     xmlns="Settings:">
>>>>>>>>>>>     <Set>
>>>>>>>>>>>       <Model>RM-821_eu_euro2_248</Model>
>>>>>>>>>>>       <IMEI>imeiimeiimeiimeiimei</IMEI>
>>>>>>>>>>>       <FriendlyName>Lumia 920</FriendlyName>
>>>>>>>>>>>       <OS>Windows Phone 8.0.9903</OS>
>>>>>>>>>>>       <OSLanguage>German</OSLanguage>
>>>>>>>>>>>       <PhoneNumber>+0152xxxxxxxx</PhoneNumber>
>>>>>>>>>>>       <UserAgent>MSFT-WP/8.0.9903</UserAgent>
>>>>>>>>>>>       <EnableOutboundSMS>0</EnableOutboundSMS>
>>>>>>>>>>>     </Set>
>>>>>>>>>>>   </DeviceInformation>
>>>>>>>>>>>   <Policies>
>>>>>>>>>>>     <Policy>
>>>>>>>>>>>       <PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
>>>>>>>>>>>     </Policy>
>>>>>>>>>>>   </Policies></Provision>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  And Horde is answering this:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   401 Unauthorized
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   HEADERS
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>  *Allow:* OPTIONS,POST
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Cache-Control:* private, max-age=10800, pre-check=10800
>>>>>>>>>>>
>>>>>>>>>>> *Connection:* Keep-Alive
>>>>>>>>>>>
>>>>>>>>>>> *Content-Encoding:* gzip
>>>>>>>>>>>
>>>>>>>>>>> *Content-Type:* text/html
>>>>>>>>>>>
>>>>>>>>>>> *Date:* Mon, 08 Jun 2015 18:17:07 GMT
>>>>>>>>>>>
>>>>>>>>>>> *Expires:* Thu, 19 Nov 1981 08:52:00 GMT
>>>>>>>>>>>
>>>>>>>>>>> *Keep-Alive:* timeout=2, max=1000
>>>>>>>>>>>
>>>>>>>>>>> *Last-Modified:* Fri, 05 Jun 2015 15:28:26 GMT
>>>>>>>>>>>
>>>>>>>>>>> *Ms-Asprotocolcommands:*
>>>>>>>>>>> Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Search,Settings,Ping,ItemOperations,Provision,ResolveRecipients,ValidateCert
>>>>>>>>>>>
>>>>>>>>>>> *Ms-Asprotocolversions:* 2.5,12.0,12.1,14.0,14.1
>>>>>>>>>>>
>>>>>>>>>>> *Ms-Server-Activesync:* 14.2
>>>>>>>>>>>
>>>>>>>>>>> *Public:* OPTIONS,POST
>>>>>>>>>>>
>>>>>>>>>>> *Server:* Apache
>>>>>>>>>>>
>>>>>>>>>>> *Set-Cookie:* PHPSESSID=8f3379819e428da3e5e28cf0b60c872c; path=/
>>>>>>>>>>>
>>>>>>>>>>> *Transfer-Encoding:* chunked
>>>>>>>>>>>
>>>>>>>>>>> *Vary:* Accept-Encoding
>>>>>>>>>>>
>>>>>>>>>>> *Www-Authenticate:* Basic realm="Horde ActiveSync"
>>>>>>>>>>> BODY
>>>>>>>>>>>
>>>>>>>>>>> (empty)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Why is Horde not accepting my login ?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  Could be a number of reasons: Misconfigured ActiveSync settings
>>>>>>>>>>
>>>>>>>>> (configured to use full email address as username but only sending
>>>>>>>>> username, or the reverse), misconfigured auth hooks, x509 cert
>>>>>>>>> misuse/configuration etc...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> mike
>>>>>>>>> The Horde Project
>>>>>>>>> http://www.horde.org
>>>>>>>>> https://www.facebook.com/hordeproject
>>>>>>>>> https://www.twitter.com/hordeproject
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Horde mailing list
>>>>>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>>>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>> --
>>>>>>> mike
>>>>>>>  Does your auth backend require full email addresses as usernames?
>>>>>>
>>>>>>
>>>>>> do you mean the horde setting or the imap login?
>>>>>> horde is configured to use full email address with @ and host,
>>>>>> tried to login to my imap server with the full email address as
>>>>>> username
>>>>>> and password and it worked
>>>>>> i can login to webmail in horde with the full email address as the
>>>>>> login
>>>>>> name and the password.
>>>>>>
>>>>>>
>>>>>
>>>>> ...and this is what you have explicitly typed into the ActiveSync
>>>>> client?
>>>>>
>>>>>
>>>>> --
>>>>> mike
>>>>>  Sure i did it. I made sure i typed the username and password correctly
>>>> letter by letter.
>>>>
>>>>
>>> Then you are going to have to find out why Horde isn't receiving the
>>> correct password. Other possibilities are that the user in question
>>> doesn't
>>> have permissions to use ActiveSync - you can check this in the
>>> administrative permissions interface. Check the Horde log for any hints
>>> as
>>> well.
>>>
>>>
>>>
>>> --
>>> mike
>> Found the problem. It was indeed the mod_rewrite Prefix "REDIRECT_".
>>
>> Have to change the file
>> /framework/ActiveSync/lib/Horde/ActiveSync/Credentials.php
>> from:
>>
>>         } elseif (!empty($serverVars['HTTP_AUTHORIZATION']) ||
>>             !empty($serverVars['Authorization'])) {
>>             // Some clients use the non-standard 'Authorization' header.
>>             $authorization = !empty($serverVars['HTTP_AUTHORIZATION'])
>>                 ? $serverVars['HTTP_AUTHORIZATION']
>>
>> to:
>>
>>         } elseif (!empty($serverVars['REDIRECT_HTTP_AUTHORIZATION']) ||
>>             !empty($serverVars['Authorization'])) {
>>             // Some clients use the non-standard 'Authorization' header.
>>             $authorization = !empty($serverVars['REDIRECT_HTTP_AUTHORIZATION'])
>>                 ? $serverVars['REDIRECT_HTTP_AUTHORIZATION']
>>
>>
>> maybe for outlook we also need to change the file
>> /framework/ActiveSync/lib/Horde/ActiveSync/Request/Autodiscover.php as
>> well
>> from:
>>
>>         if (empty($values) && !empty($server['HTTP_AUTHORIZATION'])) {
>>             $hash = base64_decode(str_replace('Basic ', '',
>>                 $server['HTTP_AUTHORIZATION']));
>>
>> to:
>>
>>         if (empty($values) &&
>>             !empty($server['REDIRECT_HTTP_AUTHORIZATION'])) {
>>             $hash = base64_decode(str_replace('Basic ', '',
>>                 $server['REDIRECT_HTTP_AUTHORIZATION']));
>>
>>
>>
>>
>> can someone add this to the git branch?
>> for example like this?
>>
>>         $http_auth = !empty($server['HTTP_AUTHORIZATION'])
>>             ? $server['HTTP_AUTHORIZATION']
>>             : (!empty($server['REDIRECT_HTTP_AUTHORIZATION'])
>>                 ? $server['REDIRECT_HTTP_AUTHORIZATION']
>>                 : "");
>>         if (empty($values) && !empty($http_auth)) {
>>             $hash = base64_decode(str_replace('Basic ', '', $http_auth));
>>
>>
>> and the other file like this?
>>
>>         $http_auth = !empty($serverVars['HTTP_AUTHORIZATION'])
>>             ? $serverVars['HTTP_AUTHORIZATION']
>>             : (!empty($serverVars['REDIRECT_HTTP_AUTHORIZATION'])
>>                 ? $serverVars['REDIRECT_HTTP_AUTHORIZATION']
>>                 : "");
>>
>>         if (!empty($serverVars['PHP_AUTH_PW'])) {
>>             $user = $serverVars['PHP_AUTH_USER'];
>>             $pass = $serverVars['PHP_AUTH_PW'];
>>         } elseif (!empty($http_auth) ||
>>             !empty($serverVars['Authorization'])) {
>>             // Some clients use the non-standard 'Authorization' header.
>>             $authorization = !empty($http_auth)
>>                 ? $http_auth
>>                 : $serverVars['Authorization'];
>>
>
> No, this kind of workaround does not belong in code. You need to ensure the
> auth data is correctly passed in an appropriate environment variable. This
> is already discussed on the wiki page. See
> http://wiki.horde.org/ActiveSync
>
>
>
>
> --
> mike

if that (workaround) (in fact it is a redirect feature from apache 2 that
you cannot control until you have access to the apache server...) (HTTP_
is a prefix feature too...)
does not belong in code...
how come the same code/workaround is available in the files
/libs/Sabre/HTTP/BasicAuth.php and /libs/Sabre/HTTP/DigestAuth.php?

are you saying that horde is not made for running on managed webhosting
packages?
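
Added example, not part of the original message and not Horde or Sabre code: one way to read Basic credentials from the server variables discussed in this thread, including the REDIRECT_-prefixed copy that mod_rewrite produces. The function name resolveBasicCredentials and the sample values are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; resolveBasicCredentials() is a hypothetical helper, not a Horde API.

/** Return [user, pass] from a $_SERVER-style array, or null if nothing usable is present. */
function resolveBasicCredentials(array $server): ?array
{
    // PHP has already split the header into user and password.
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }

    // Each internal redirect prepends another "REDIRECT_", so check a few levels.
    $header = null;
    $key = 'HTTP_AUTHORIZATION';
    for ($depth = 0; $depth <= 3; $depth++) {
        if (!empty($server[$key])) {
            $header = $server[$key];
            break;
        }
        $key = 'REDIRECT_' . $key;
    }
    // Non-standard key that the quoted Horde code also accepts.
    if ($header === null && !empty($server['Authorization'])) {
        $header = $server['Authorization'];
    }
    if ($header === null) {
        return null;
    }

    // Accept only the Basic scheme, anchored at the start, case-insensitive.
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects invalid input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: a password may itself contain ':'.
    [$user, $pass] = explode(':', $decoded, 2);
    return [$user, $pass];
}

// Constructed sample: only the REDIRECT_-prefixed variable is set, as in this thread.
$sample = [
    'REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('user@example.com:pa:ss'),
];
var_dump(resolveBasicCredentials($sample));
```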

