Hi,
On Jul 19, 2013, at 12:15 PM, basti <mailinglist(a)unix-solution.de> wrote:
Hello,
we try to use Carddavmate with XML-auth to implement this in our own
software.
At the moment we have the following config:
Davical Server:
https://kalender.myserver.de/caldav.php
Carddavmate:
https://kalender.myserver.de/carddavmate/
config.js
var globalNetworkCheckSettings={
    href: location.protocol+'//'+location.hostname+(location.port ? ':'+location.port : '')+location.pathname.replace(RegExp('/+[^/]+/*(index\.html)?$'),'')+'/carddavmate/auth/',
    crossDomain: true, withCredentials: false, syncInterval: 0, timeOut: 30000,
    additionalResources: ['nx4group'], delegation: true};
why "crossDomain: true"? ... both DAViCal server and also CardDavMATE use the same
origin (protocol, host, port) "https://kalender.myserver.de" => your setup is NOT
cross-domain
/auth/config.inc
<?php
// auth method: generic (auth/plugins/generic_conf.inc) or ldap (auth/plugins/ldap_conf.inc)
$config['auth_method']='generic';
// set to true for debugging XML response, otherwise set to false to avoid browser
// to show http authentication window after unsuccessful authentication
$config['auth_send_authenticate_header']=false;
// successful authentication XML specification (change the "http://www.server.com:80" to your protocol/server/port)
$config['accounts']=array('resources'=>array());
// note: if you want to use regex values, then use one of the following formats (the second example is with regex modifier):
// 're:.*someregex.*[0-9]$' or 're|i:.*someregex.*[0-9]$'
$config['accounts']['resources'][]=array(
    'resource'=>array(
        'type'=>array('addressbook'=>''),
        'href'=>'https://kalender.myserver.de/caldav.php/'.$_SERVER['PHP_AUTH_USER'].'/',
        'hreflabel'=>'', // if undefined or empty href value is used (see above)
        'crossdomain'=>'true', // set to true for different protocol/server/port origin (default is null = autodetect)
        'forcereadonly'=>'null', // see auth/doc/example_config_response.xml for proper use, for example: 'forcereadonly'=>array(array('collection'=>'/caldav.php/user/collection/'), array('collection'=>'re:^/caldav.php/user/collection[0-9]/$')),
        'withcredentials'=>'false', // for experts only (note: if true, Access-Control-Allow-Origin "*" is not allowed)
        'showheader'=>'true', // if undefined, empty or not false header is displayed
        'settingsaccount'=>'true', // client properties are saved here (note: set it to true only for ONE account)
        'checkcontenttype'=>'true', // check content-type in the server response (if you cannot see data in the interface /buggy server response/ you may try to disable it)
        'delegation'=>'true', // see auth/doc/example_config_response.xml for proper use, for example: 'delegation'=>array(array('resource'=>'/caldav.php/user%40domain.com/'), array('resource'=>'re|i:^/caldav.php/a[b-x].+/$')),
        'userauth'=>array(
            'username'=>$_SERVER['PHP_AUTH_USER'],
            'password'=>$_SERVER['PHP_AUTH_PW']
        ),
        'syncinterval'=>60000,
        'timeout'=>30000,
        'locktimeout'=>10000
    )
);
?>
auth/generic.conf
<?php
// Server base URL
$pluginconfig['base_url']='https://kalender.myserver.de';
// Default values are usually OK
// for Davical:
$pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory
// for Lion server:
//$pluginconfig['request']='/principals/users';
$pluginconfig['timeout']=30;
?>
the xml (header) looks like:
<resources xmlns="urn:com.inf-it:configuration">
<resource>
<type>
<addressbook></addressbook>
</type>
<href>https://kalender.myserver.de/caldav.php/tuser/</href>
<hreflabel></hreflabel>
<crossdomain>true</crossdomain>
<forcereadonly>null</forcereadonly>
<withcredentials>false</withcredentials>
<showheader>true</showheader>
<settingsaccount>true</settingsaccount>
<checkcontenttype>true</checkcontenttype>
<delegation>true</delegation>
<userauth>
<username>tuser</username>
<password>123456</password>
</userauth>
<syncinterval>60000</syncinterval>
<timeout>30000</timeout>
<locktimeout>10000</locktimeout>
</resource>
</resources>
the same problem (<crossdomain>true</crossdomain>) ... why do you not
use the default (null = autodetect)?
But we can't log in, there is always the login screen
shown
auth/index.php
<?php
require_once('config.inc');
require_once('common.inc');
require_once('cross_domain.inc');
require_once('plugins/'.$config['auth_method'].'.inc'); // configured module - it defines the 'MODULE_authenticate()' function
if(call_user_func($config['auth_method'].'_authenticate')!==1)
{
// HTTP authentication (exit if unsuccessful)
if($config['auth_send_authenticate_header'])
    header('WWW-Authenticate: Basic realm="Inf-IT Auth Module"');
header('HTTP/1.0 401 Unauthorized');
echo <<<HTML
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>401 Authorization Required</title>
</head>
<body>
<h1>Authorization Required</h1>
<p>This server could not verify that you are authorized to access
the document requested. Either you supplied the wrong credentials (e.g.,
bad password), or your browser doesn't understand how to supply the
credentials required.</p>
</body>
</html>
HTML;
exit(0);
}
else
{
/* debug output */
exit ("here we are but login screen is still shown");
header('Content-type: text/xml; charset="utf-8"');
echo array_to_xml($config['accounts']);
}
?>
So it looks like you get the XML response from the auth module (you can test it
by opening the /auth/ URL directly and entering your credentials) ... if the client
gets the configuration XML then the auth module is working correctly.
Usually the problem is related to your server certificate. Are you sure that your
server certificate is trusted by your browser? ... if you visit an HTTPS server with
an invalid certificate your browser will ask to add an exception, but JavaScript cannot
ask for an exception - it will simply refuse to connect.
Try to open the principal URL directly in your browser and if it asks you for an
exception then this is the problem.
JM
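
The same-origin point made in the reply above (protocol, host, port), as an added example that is not part of the original e-mail or of CardDavMATE's code: a small check that compares each <href> in an auth-module XML response with the URL the client is served from and reports where the <crossdomain> flag disagrees. The names lintAuthXml and field, and the second sample resource (dav.example.org), are constructed for illustration.

```javascript
// Added example: lint an auth-module XML response against the URL the client
// is served from. lintAuthXml/field and the sample values are hypothetical.

// Text of the first <tag>...</tag> inside one <resource> block, or null.
function field(block, tag) {
  const m = block.match(new RegExp('<' + tag + '>([\\s\\S]*?)</' + tag + '>'));
  return m ? m[1].trim() : null;
}

function lintAuthXml(clientUrl, xml) {
  // URL.origin is scheme + host + port, with default ports (443, 80) dropped.
  const clientOrigin = new URL(clientUrl).origin;
  const findings = [];
  for (const m of xml.matchAll(/<resource>([\s\S]*?)<\/resource>/g)) {
    const href = field(m[1], 'href');
    let origin;
    try {
      origin = new URL(href).origin;
    } catch (e) {
      findings.push({ href, error: 'href is not an absolute URL' });
      continue;
    }
    const sameOrigin = origin === clientOrigin;
    const declared = field(m[1], 'crossdomain'); // 'true', 'false', 'null', '' or absent
    const autodetect = !declared || declared === 'null';
    // Mismatch: flag says cross-domain for a same-origin href, or the reverse.
    const mismatch = !autodetect && (declared === 'true') === sameOrigin;
    // Credentialed cross-origin requests cannot be answered with ACAO "*".
    const needsExplicitAllowOrigin =
      !sameOrigin && field(m[1], 'withcredentials') === 'true';
    findings.push({ href, sameOrigin, declared, mismatch, needsExplicitAllowOrigin });
  }
  return findings;
}

// Constructed sample modelled on the response quoted in the thread.
const sampleXml = `<resources xmlns="urn:com.inf-it:configuration">
<resource>
<href>https://kalender.myserver.de/caldav.php/tuser/</href>
<crossdomain>true</crossdomain>
<withcredentials>false</withcredentials>
</resource>
<resource>
<href>https://dav.example.org:8443/caldav.php/tuser/</href>
<crossdomain>null</crossdomain>
<withcredentials>true</withcredentials>
</resource>
</resources>`;
console.log(lintAuthXml('https://kalender.myserver.de/carddavmate/', sampleXml));
```

The first finding has sameOrigin and mismatch both true, which is the situation described in the reply; the second resource is on another origin with autodetect, so only the credentials note applies.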