Hello,
we try to use Carddavmate with XML-auth to implement this in owr own software. At the moment we have the following config:
Davical Server: https://kalender.myserver.de/caldav.php Carddavmate: https://kalender.myserver.de/carddavmate/
config.js
var globalNetworkCheckSettings={href: location.protocol+'//'+location.hostname+(location.port ? ':'+location.port: '')+location.pathname.replace(RegExp('/+[^/]+/*(index.html)?$'),'')+'/carddavmate/auth/', crossDomain: true, withCredentials: false, syncInterval: 0, timeOut: 30000, additionalResources: ['nx4group'], delegation: true};
/auth/config.inc
<?php // auth method: generic (auth/plugins/generic_conf.inc) or ldap (auth/plugins/ldap_conf.inc) $config['auth_method']='generic';
// set to true for debugging XML response, otherwise set to false to avoid browser // to show http authentication window after unsuccessful authentication $config['auth_send_authenticate_header']=false;
// successfull authentication XML specification (change the "http://www.server.com:80" to your protocol/server/port) $config['accounts']=array('resources'=>array());
// note: if you want to use regex values, then use one of the following formats (the second example is with regex modifier): 're:.*someregex.*[0-9]$' or 're|i:.*someregex.*[0-9]$' $config['accounts']['resources'][]=array( 'resource'=>array( 'type'=>array('addressbook'=>''),
'href'=>'https://kalender.myserver.de/caldav.php/%27.$_SERVER%5B%27PHP_AUTH_USER%27%5...', 'hreflabel'=>'', // if undefined or empty href value is used (see above) 'crossdomain'=>'true', // set to true for different protocol/server/port origin (default is null = autodetect) 'forcereadonly'=>'null', // see auth/doc/example_config_response.xml for proper use, for example: 'forcereadonly'=>array(array('collection'=>'/caldav.php/user/collection/'), array('collection'=>'re:^/caldav.php/user/collection[0-9]/$')), 'withcredentials'=>'false', // for experts only (note: if true, Access-Control-Allow-Origin "*" is not allowed) 'showheader'=>'true', // if undefined, empty or not false header is displayed 'settingsaccount'=>'true', // client properties are saved here (note: set it to true only for ONE account) 'checkcontenttype'=>'true', // check content-type in the server response (if you cannot see data in the interface /buggy server response/ you may try to disable it) 'delegation'=>'true', // see auth/doc/example_config_response.xml for proper use, for example: 'delegation'=>array(array('resource'=>'/caldav.php/user%40domain.com/'), array('resource'=>'re|i:^/caldav.php/a[b-x].+/$')), 'userauth'=>array( 'username'=>$_SERVER['PHP_AUTH_USER'], 'password'=>$_SERVER['PHP_AUTH_PW'] ), 'syncinterval'=>60000, 'timeout'=>30000, 'locktimeout'=>10000 ) ); ?>
auth/generic.conf
<?php // Server base URL $pluginconfig['base_url']='https://kalender.myserver.de';
// Default values are usually OK // for Davical: $pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory // for Lion server: //$pluginconfig['request']='/principals/users';
$pluginconfig['timeout']=30; ?>
the xml (header) looks like:
<resources xmlns="urn:com.inf-it:configuration"> <resource> <type> <addressbook></addressbook> </type> <href>https://kalender.myserver.de/caldav.php/tuser/</href> <hreflabel></hreflabel> <crossdomain>true</crossdomain> <forcereadonly>null</forcereadonly> <withcredentials>false</withcredentials> <showheader>true</showheader> <settingsaccount>true</settingsaccount> <checkcontenttype>true</checkcontenttype> <delegation>true</delegation> <userauth> <username>tuser</username> <password>123456</password> </userauth> <syncinterval>60000</syncinterval> <timeout>30000</timeout> <locktimeout>10000</locktimeout> </resource> </resources>
But we cant login, the is always the login-screen shown
auth/index.php
<?php require_once('config.inc'); require_once('common.inc'); require_once('cross_domain.inc'); require_once('plugins/'.$config['auth_method'].'.inc'); // configured module - it defines the 'MODULE_authenticate()' function
if(call_user_func($config['auth_method'].'_authenticate')!==1) { // HTTP authentication (exit if unsuccessfull) if($config['auth_send_authenticate_header']) header('WWW-Authenticate: Basic realm="Inf-IT Auth Module"'); header('HTTP/1.0 401 Unauthorized'); echo <<<HTML <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>401 Authorization Required</title> </head> <body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body> </html> HTML; exit(0); } else { /* debug output */ exit ("here we are but login screen is still shown"); header('Content-type: text/xml; charset="utf-8"'); echo array_to_xml($config['accounts']);
} ?>
Hi,
On Jul 19, 2013, at 12:15 PM, basti mailinglist@unix-solution.de wrote:
Hello,
we try to use Carddavmate with XML-auth to implement this in owr own software. At the moment we have the following config:
Davical Server: https://kalender.myserver.de/caldav.php Carddavmate: https://kalender.myserver.de/carddavmate/
config.js
var globalNetworkCheckSettings={href: location.protocol+'//'+location.hostname+(location.port ? ':'+location.port: '')+location.pathname.replace(RegExp('/+[^/]+/*(index.html)?$'),'')+'/carddavmate/auth/', crossDomain: true, withCredentials: false, syncInterval: 0, timeOut: 30000, additionalResources: ['nx4group'], delegation: true};
why "crossDomain: true"? ... both DAViCal server and also CardDavMATE use the same origin (protocol, host, port) "https://kalender.myserver.de" => your setup is NOT cross-domain
/auth/config.inc
<?php // auth method: generic (auth/plugins/generic_conf.inc) or ldap (auth/plugins/ldap_conf.inc) $config['auth_method']='generic'; // set to true for debugging XML response, otherwise set to false to avoid browser // to show http authentication window after unsuccessful authentication $config['auth_send_authenticate_header']=false; // successfull authentication XML specification (change the "http://www.server.com:80" to your protocol/server/port) $config['accounts']=array('resources'=>array()); // note: if you want to use regex values, then use one of the following formats (the second example is with regex modifier): 're:.*someregex.*[0-9]$' or 're|i:.*someregex.*[0-9]$' $config['accounts']['resources'][]=array( 'resource'=>array( 'type'=>array('addressbook'=>''), 'href'=>'https://kalender.myserver.de/caldav.php/'.$_SERVER['PHP_AUTH_USER'].'/', 'hreflabel'=>'', // if undefined or empty href value is used (see above) 'crossdomain'=>'true', // set to true for different protocol/server/port origin (default is null = autodetect) 'forcereadonly'=>'null', // see auth/doc/example_config_response.xml for proper use, for example: 'forcereadonly'=>array(array('collection'=>'/caldav.php/user/collection/'), array('collection'=>'re:^/caldav.php/user/collection[0-9]/$')), 'withcredentials'=>'false', // for experts only (note: if true, Access-Control-Allow-Origin "*" is not allowed) 'showheader'=>'true', // if undefined, empty or not false header is displayed 'settingsaccount'=>'true', // client properties are saved here (note: set it to true only for ONE account) 'checkcontenttype'=>'true', // check content-type in the server response (if you cannot see data in the interface /buggy server response/ you may try to disable it) 'delegation'=>'true', // see auth/doc/example_config_response.xml for proper use, for example: 'delegation'=>array(array('resource'=>'/caldav.php/user%40domain.com/'), array('resource'=>'re|i:^/caldav.php/a[b-x].+/$')), 'userauth'=>array( 'username'=>$_SERVER['PHP_AUTH_USER'], 'password'=>$_SERVER['PHP_AUTH_PW'] ), 'syncinterval'=>60000, 'timeout'=>30000, 'locktimeout'=>10000 ) ); ?>
auth/generic.conf
<?php // Server base URL $pluginconfig['base_url']='https://kalender.myserver.de'; // Default values are usually OK // for Davical: $pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory // for Lion server: //$pluginconfig['request']='/principals/users'; $pluginconfig['timeout']=30; ?>
the xml (header) looks like:
<resources xmlns="urn:com.inf-it:configuration"> <resource> <type> <addressbook></addressbook> </type> <href>https://kalender.myserver.de/caldav.php/tuser/</href> <hreflabel></hreflabel> <crossdomain>true</crossdomain> <forcereadonly>null</forcereadonly> <withcredentials>false</withcredentials> <showheader>true</showheader> <settingsaccount>true</settingsaccount> <checkcontenttype>true</checkcontenttype> <delegation>true</delegation> <userauth> <username>tuser</username> <password>123456</password> </userauth> <syncinterval>60000</syncinterval> <timeout>30000</timeout> <locktimeout>10000</locktimeout> </resource> </resources>
the same problem (<crossdomain>true</crossdomain>) ... why you not use the default (null = autodetect)?
But we cant login, the is always the login-screen shown
auth/index.php
<?php require_once('config.inc'); require_once('common.inc'); require_once('cross_domain.inc'); require_once('plugins/'.$config['auth_method'].'.inc'); // configured module - it defines the 'MODULE_authenticate()' function if(call_user_func($config['auth_method'].'_authenticate')!==1) { // HTTP authentication (exit if unsuccessfull) if($config['auth_send_authenticate_header']) header('WWW-Authenticate: Basic realm="Inf-IT Auth Module"'); header('HTTP/1.0 401 Unauthorized'); echo <<<HTML <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>401 Authorization Required</title> </head> <body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body> </html> HTML; exit(0); } else { /* debug output */ exit ("here we are but login screen is still shown"); header('Content-type: text/xml; charset="utf-8"'); echo array_to_xml($config['accounts']); } ?>
So looks like you get the XML response from the auth module (you can test it by opening directly the /auth/ URL and entering your credentials) ... if the client gets the configuration XML then the auth module is working correctly.
Usually the problem is related to your server certificate. Are you sure that your server certificate is trusted by your browser? ... if you visit a HTTPS server with invalid certificate your browser will ask to add exception, but JavaScript cannot ask for exception - it will simply refuse to connect.
Try to open the principal URL directly in your browser and if it will ask you for exception then this is the problem.
JM
When I set crossdomain to null I get: Info: [globalNetworkCheckSettings: 'https://kalender.myserver.de/carddavmate/auth/'] crossDomain set to: 'false' in "firebug".
In both cases I get a XML as described before.
The certificate is known by the browser, when I try to open
https://kalender.myserver.de/caldav.php/tuser it just ask for username/ passwd.
I have search for GlobalLoginUsername and this also set, when I XML.
Regards, basti
On 19.07.2013 12:56, Ján Máté wrote:
Hi,
On Jul 19, 2013, at 12:15 PM, basti mailinglist@unix-solution.de wrote:
Hello,
we try to use Carddavmate with XML-auth to implement this in owr own software. At the moment we have the following config:
Davical Server: https://kalender.myserver.de/caldav.php Carddavmate: https://kalender.myserver.de/carddavmate/
config.js
var globalNetworkCheckSettings={href: location.protocol+'//'+location.hostname+(location.port ? ':'+location.port: '')+location.pathname.replace(RegExp('/+[^/]+/*(index.html)?$'),'')+'/carddavmate/auth/', crossDomain: true, withCredentials: false, syncInterval: 0, timeOut: 30000, additionalResources: ['nx4group'], delegation: true};
why "crossDomain: true"? ... both DAViCal server and also CardDavMATE use the same origin (protocol, host, port) "https://kalender.myserver.de" => your setup is NOT cross-domain
/auth/config.inc
<?php // auth method: generic (auth/plugins/generic_conf.inc) or ldap (auth/plugins/ldap_conf.inc) $config['auth_method']='generic'; // set to true for debugging XML response, otherwise set to false to avoid browser // to show http authentication window after unsuccessful authentication $config['auth_send_authenticate_header']=false; // successfull authentication XML specification (change the "http://www.server.com:80" to your protocol/server/port) $config['accounts']=array('resources'=>array()); // note: if you want to use regex values, then use one of the following formats (the second example is with regex modifier): 're:.*someregex.*[0-9]$' or 're|i:.*someregex.*[0-9]$' $config['accounts']['resources'][]=array( 'resource'=>array( 'type'=>array('addressbook'=>''), 'href'=>'https://kalender.myserver.de/caldav.php/'.$_SERVER['PHP_AUTH_USER'].'/', 'hreflabel'=>'', // if undefined or empty href value is used (see above) 'crossdomain'=>'true', // set to true for different protocol/server/port origin (default is null = autodetect) 'forcereadonly'=>'null', // see auth/doc/example_config_response.xml for proper use, for example: 'forcereadonly'=>array(array('collection'=>'/caldav.php/user/collection/'), array('collection'=>'re:^/caldav.php/user/collection[0-9]/$')), 'withcredentials'=>'false', // for experts only (note: if true, Access-Control-Allow-Origin "*" is not allowed) 'showheader'=>'true', // if undefined, empty or not false header is displayed 'settingsaccount'=>'true', // client properties are saved here (note: set it to true only for ONE account) 'checkcontenttype'=>'true', // check content-type in the server response (if you cannot see data in the interface /buggy server response/ you may try to disable it) 'delegation'=>'true', // see auth/doc/example_config_response.xml for proper use, for example: 'delegation'=>array(array('resource'=>'/caldav.php/user%40domain.com/'), array('resource'=>'re|i:^/caldav.php/a[b-x].+/$')), 'userauth'=>array( 'username'=>$_SERVER['PHP_AUTH_USER'], 'password'=>$_SERVER['PHP_AUTH_PW'] ), 'syncinterval'=>60000, 'timeout'=>30000, 'locktimeout'=>10000 ) ); ?>
auth/generic.conf
<?php // Server base URL $pluginconfig['base_url']='https://kalender.myserver.de'; // Default values are usually OK // for Davical: $pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory // for Lion server: //$pluginconfig['request']='/principals/users'; $pluginconfig['timeout']=30; ?>
the xml (header) looks like:
<resources xmlns="urn:com.inf-it:configuration"> <resource> <type> <addressbook></addressbook> </type> <href>https://kalender.myserver.de/caldav.php/tuser/</href> <hreflabel></hreflabel> <crossdomain>true</crossdomain> <forcereadonly>null</forcereadonly> <withcredentials>false</withcredentials> <showheader>true</showheader> <settingsaccount>true</settingsaccount> <checkcontenttype>true</checkcontenttype> <delegation>true</delegation> <userauth> <username>tuser</username> <password>123456</password> </userauth> <syncinterval>60000</syncinterval> <timeout>30000</timeout> <locktimeout>10000</locktimeout> </resource> </resources>
the same problem (<crossdomain>true</crossdomain>) ... why you not use the default (null = autodetect)?
But we cant login, the is always the login-screen shown
auth/index.php
<?php require_once('config.inc'); require_once('common.inc'); require_once('cross_domain.inc'); require_once('plugins/'.$config['auth_method'].'.inc'); // configured module - it defines the 'MODULE_authenticate()' function if(call_user_func($config['auth_method'].'_authenticate')!==1) { // HTTP authentication (exit if unsuccessfull) if($config['auth_send_authenticate_header']) header('WWW-Authenticate: Basic realm="Inf-IT Auth Module"'); header('HTTP/1.0 401 Unauthorized'); echo <<<HTML <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>401 Authorization Required</title> </head> <body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body> </html> HTML; exit(0); } else { /* debug output */ exit ("here we are but login screen is still shown"); header('Content-type: text/xml; charset="utf-8"'); echo array_to_xml($config['accounts']); } ?>
So looks like you get the XML response from the auth module (you can test it by opening directly the /auth/ URL and entering your credentials) ... if the client gets the configuration XML then the auth module is working correctly.
Usually the problem is related to your server certificate. Are you sure that your server certificate is trusted by your browser? ... if you visit a HTTPS server with invalid certificate your browser will ask to add exception, but JavaScript cannot ask for exception - it will simply refuse to connect.
Try to open the principal URL directly in your browser and if it will ask you for exception then this is the problem.
JM
I have try again with clean Browser cache and it seems that the XML response is correct but the GlobalLoginUsername isnt set.
Regards Basti
p.s. ist possible to change/delete a mail after sending to ml?
On 19.07.2013 13:57, basti wrote:
When I set crossdomain to null I get: Info: [globalNetworkCheckSettings: 'https://kalender.myserver.de/carddavmate/auth/'] crossDomain set to: 'false' in "firebug".
In both cases I get a XML as described before.
The certificate is known by the browser, when I try to open
https://kalender.myserver.de/caldav.php/tuser it just ask for username/ passwd.
I have search for GlobalLoginUsername and this also set, when I XML.
Regards, basti
On 19.07.2013 12:56, Ján Máté wrote:
Hi,
On Jul 19, 2013, at 12:15 PM, basti mailinglist@unix-solution.de wrote:
Hello,
we try to use Carddavmate with XML-auth to implement this in owr own software. At the moment we have the following config:
Davical Server: https://kalender.myserver.de/caldav.php Carddavmate: https://kalender.myserver.de/carddavmate/
config.js
var globalNetworkCheckSettings={href: location.protocol+'//'+location.hostname+(location.port ? ':'+location.port: '')+location.pathname.replace(RegExp('/+[^/]+/*(index.html)?$'),'')+'/carddavmate/auth/', crossDomain: true, withCredentials: false, syncInterval: 0, timeOut: 30000, additionalResources: ['nx4group'], delegation: true};
why "crossDomain: true"? ... both DAViCal server and also CardDavMATE use the same origin (protocol, host, port) "https://kalender.myserver.de" => your setup is NOT cross-domain
/auth/config.inc
<?php // auth method: generic (auth/plugins/generic_conf.inc) or ldap (auth/plugins/ldap_conf.inc) $config['auth_method']='generic'; // set to true for debugging XML response, otherwise set to false to avoid browser // to show http authentication window after unsuccessful authentication $config['auth_send_authenticate_header']=false; // successfull authentication XML specification (change the "http://www.server.com:80" to your protocol/server/port) $config['accounts']=array('resources'=>array()); // note: if you want to use regex values, then use one of the following formats (the second example is with regex modifier): 're:.*someregex.*[0-9]$' or 're|i:.*someregex.*[0-9]$' $config['accounts']['resources'][]=array( 'resource'=>array( 'type'=>array('addressbook'=>''), 'href'=>'https://kalender.myserver.de/caldav.php/'.$_SERVER['PHP_AUTH_USER'].'/', 'hreflabel'=>'', // if undefined or empty href value is used (see above) 'crossdomain'=>'true', // set to true for different protocol/server/port origin (default is null = autodetect) 'forcereadonly'=>'null', // see auth/doc/example_config_response.xml for proper use, for example: 'forcereadonly'=>array(array('collection'=>'/caldav.php/user/collection/'), array('collection'=>'re:^/caldav.php/user/collection[0-9]/$')), 'withcredentials'=>'false', // for experts only (note: if true, Access-Control-Allow-Origin "*" is not allowed) 'showheader'=>'true', // if undefined, empty or not false header is displayed 'settingsaccount'=>'true', // client properties are saved here (note: set it to true only for ONE account) 'checkcontenttype'=>'true', // check content-type in the server response (if you cannot see data in the interface /buggy server response/ you may try to disable it) 'delegation'=>'true', // see auth/doc/example_config_response.xml for proper use, for example: 'delegation'=>array(array('resource'=>'/caldav.php/user%40domain.com/'), array('resource'=>'re|i:^/caldav.php/a[b-x].+/$')), 'userauth'=>array( 'username'=>$_SERVER['PHP_AUTH_USER'], 'password'=>$_SERVER['PHP_AUTH_PW'] ), 'syncinterval'=>60000, 'timeout'=>30000, 'locktimeout'=>10000 ) ); ?>
auth/generic.conf
<?php // Server base URL $pluginconfig['base_url']='https://kalender.myserver.de'; // Default values are usually OK // for Davical: $pluginconfig['request']='/caldav.php'; // change only if your Davical is not installed into server root directory // for Lion server: //$pluginconfig['request']='/principals/users'; $pluginconfig['timeout']=30; ?>
the xml (header) looks like:
<resources xmlns="urn:com.inf-it:configuration"> <resource> <type> <addressbook></addressbook> </type> <href>https://kalender.myserver.de/caldav.php/tuser/</href> <hreflabel></hreflabel> <crossdomain>true</crossdomain> <forcereadonly>null</forcereadonly> <withcredentials>false</withcredentials> <showheader>true</showheader> <settingsaccount>true</settingsaccount> <checkcontenttype>true</checkcontenttype> <delegation>true</delegation> <userauth> <username>tuser</username> <password>123456</password> </userauth> <syncinterval>60000</syncinterval> <timeout>30000</timeout> <locktimeout>10000</locktimeout> </resource> </resources>
the same problem (<crossdomain>true</crossdomain>) ... why you not use the default (null = autodetect)?
But we cant login, the is always the login-screen shown
auth/index.php
<?php require_once('config.inc'); require_once('common.inc'); require_once('cross_domain.inc'); require_once('plugins/'.$config['auth_method'].'.inc'); // configured module - it defines the 'MODULE_authenticate()' function if(call_user_func($config['auth_method'].'_authenticate')!==1) { // HTTP authentication (exit if unsuccessfull) if($config['auth_send_authenticate_header']) header('WWW-Authenticate: Basic realm="Inf-IT Auth Module"'); header('HTTP/1.0 401 Unauthorized'); echo <<<HTML <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>401 Authorization Required</title> </head> <body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body> </html> HTML; exit(0); } else { /* debug output */ exit ("here we are but login screen is still shown"); header('Content-type: text/xml; charset="utf-8"'); echo array_to_xml($config['accounts']); } ?>
So looks like you get the XML response from the auth module (you can test it by opening directly the /auth/ URL and entering your credentials) ... if the client gets the configuration XML then the auth module is working correctly.
Usually the problem is related to your server certificate. Are you sure that your server certificate is trusted by your browser? ... if you visit a HTTPS server with invalid certificate your browser will ask to add exception, but JavaScript cannot ask for exception - it will simply refuse to connect.
Try to open the principal URL directly in your browser and if it will ask you for exception then this is the problem.
JM
Hi,
the XML response is parsed by netCheckAndCreateConfiguration function in webdav_protocol.js. This functions appends the settings from the XML into globalAccountSettings - this variable is used internally by the client (it is also available in the config.js for testing the client with predefined server & username & password - the client will NOT show any login screen if you use this option).
There must be something wrong with your setup because the demo also uses the auth module and it works without any problem.
Try to use the globalAccountSettings instead of globalNetworkCheckSettings or globalNetworkAccountSettings and if it will work then switch back to auth module.
You can also send me a private message with access credentials and I can help you to solve the problem.
JM
p.s.: no, you cannot change/delete a mail after sending it to mailinglist ... if you want to delete a mail from the web archive then I can delete it manually
On Jul 19, 2013, at 2:23 PM, basti mailinglist@unix-solution.de wrote:
I have try again with clean Browser cache and it seems that the XML response is correct but the GlobalLoginUsername isnt set.
Regards Basti
p.s. ist possible to change/delete a mail after sending to ml?
-
basti -
Ján Máté