
geteduroam - Re: Problem with certificates generated

  • From: Paul Dekkers <paul.dekkers AT surf.nl>
  • To: Darren Boss <Darren.Boss AT alliancecan.ca>, "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>, Jørn Åne de Jong <jornane.dejong AT surf.nl>
  • Subject: Re: Problem with certificates generated
  • Date: Thu, 18 Aug 2022 11:24:06 +0200

Hi,

Ah, so I think you're maybe running with Apache? Apache by default filters out the Authorization: header. I believe you can add

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

To your VirtualHost to pass the header to PHP.

I'm using nginx myself, and the documentation assumes lighttpd, but I can imagine you trying with your favorite webserver and stumbling upon this.

Regards,
Paul


On 17/08/2022 21:25, Darren Boss (via geteduroam Mailing List) wrote:
Got the response body logged via mod_security:
{
    "error": "invalid_request",
    "error_description": "Missing SERVER parameter HTTP_AUTHORIZATION"
}

This is the cause of the 400 error on the Debian vm.

From: geteduroam-request AT lists.geant.org <geteduroam-request AT lists.geant.org> on behalf of Jørn Åne de Jong <geteduroam AT lists.geant.org>
Sent: Wednesday, August 17, 2022 9:14 AM
To: geteduroam AT lists.geant.org <geteduroam AT lists.geant.org>
Subject: Re: Problem with certificates generated 
On 17/08/2022 14:54, Darren Boss (via geteduroam Mailing List) wrote:
I redeployed the portal on Debian 11.4 (Bullseye) but now I'm getting an error 400 on the call from the Android app to /api/eap-config/. I decided to log the Authorization header to a custom log and was able to decode it using a JWT decoder. Looks fine, sub claim is my email address (using email nameid from Azure AD). Including the decoded JWT in case it's something obvious:

{
    "__t": "access_token",
    "iat": "1660739494",
    "sub": "Darren.Boss AT alliancecan.ca",
    "realm": "alliancecan.ca",
    "scope": "eap-metadata",
    "code_challenge_method": "S256",
    "code_challenge": "LQpjYE1ZjYAC6i9OwaU3OFYUBR9-rV-X0ohvYcXpLi4",
    "client_id": "app.eduroam.geteduroam",
    "redirect_uri": "app.eduroam.geteduroam:/",
    "exp": "1676637094"
}

jwt.io is flagging the dates as invalid but they look right to me and the iat matches the date of the apache log entry.
I think the dates are supposed to be ISO strings. I'll fix that in a future release, but it's not really a problem since we don't need interoperability with other solutions.

Error 400 means typically something wrong with the OAuth request. Can you find the answer body? It should tell you what's wrong.

--
Jørn Åne de Jong
geteduroam
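The two things debugged in this thread, an Authorization header that never reaches the application and a token whose date claims a standard decoder rejects, can both be checked from the command line. The script below is an added example for this archive page; it is not geteduroam code and was not posted by any of the participants. It reads the bearer token out of a CGI/FastCGI-style environment (HTTP_AUTHORIZATION, with REDIRECT_HTTP_AUTHORIZATION as a fallback, which is the name Apache gives a variable set by a RewriteRule after the internal redirect), base64url-decodes the JWT payload without verifying the signature, purely for inspection, and reports whether iat/exp are RFC 7519 NumericDate values (JSON numbers) or strings, which is why jwt.io flagged the token above. The sample payload, the make_unsigned_sample() helper and its placeholder signature segment are constructed for the demo; the environment variable names are the standard CGI ones.

```python
"""Inspect a bearer token as a CGI/FastCGI application would receive it.

Added example, not geteduroam code. Signature is NOT verified: this is a
debugging aid, never a basis for an authorization decision.
"""
import base64
import json
import time


def bearer_token(environ):
    """Return the bearer token from a CGI-style environment dict, or None.

    Apache only exposes HTTP_AUTHORIZATION to CGI/FastCGI scripts when told to
    (SetEnvIf/CGIPassAuth). A RewriteRule [E=HTTP_AUTHORIZATION:...] ends up
    as REDIRECT_HTTP_AUTHORIZATION after the internal redirect, so check both.
    """
    for key in ("HTTP_AUTHORIZATION", "REDIRECT_HTTP_AUTHORIZATION"):
        value = environ.get(key)
        if value:
            scheme, _, token = value.partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                return token.strip()
    return None


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token):
    """Split a compact JWS and return (header, payload). NO signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def check_numeric_dates(payload, now=None):
    """Return human-readable findings about the iat/nbf/exp claims.

    RFC 7519 defines these as NumericDate: a JSON number of seconds since the
    epoch. A decoder that follows the RFC rejects them when they are strings.
    """
    now = time.time() if now is None else now
    findings = []
    for claim in ("iat", "nbf", "exp"):
        if claim not in payload:
            continue
        value = payload[claim]
        if isinstance(value, str):
            findings.append(f"{claim} is a string {value!r}; RFC 7519 requires a NumericDate (JSON number)")
            try:
                value = int(value)
            except ValueError:
                continue
        if claim == "exp" and value <= now:
            findings.append("token expired")
        if claim == "iat" and value > now + 60:
            findings.append("iat is in the future")
    return findings


# Constructed sample payload mirroring the shape discussed in the thread
# (string dates). Not a real token from any real deployment.
SAMPLE_PAYLOAD = {
    "__t": "access_token",
    "iat": "1660739494",
    "sub": "user@example.org",
    "realm": "example.org",
    "scope": "eap-metadata",
    "client_id": "app.eduroam.geteduroam",
    "exp": "1676637094",
}


def make_unsigned_sample(payload):
    """Build a demo token; the third segment is a placeholder, not a signature."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(payload) + ".placeholder-signature"


if __name__ == "__main__":
    token = make_unsigned_sample(SAMPLE_PAYLOAD)
    # Constructed environments: one where Apache stripped the header, one
    # where the RewriteRule workaround put it under the REDIRECT_ name.
    for env in ({"HTTP_HOST": "portal.example.org"},
                {"REDIRECT_HTTP_AUTHORIZATION": "Bearer " + token}):
        tok = bearer_token(env)
        if tok is None:
            print("no bearer token in environment (Apache stripped Authorization?)")
            continue
        header, payload = decode_unverified(tok)
        print("alg:", header.get("alg"), "sub:", payload.get("sub"))
        for finding in check_numeric_dates(payload, now=1660739500):
            print("  -", finding)
```

On Apache 2.4.13 and later the documented way to hand the Authorization header to a CGI or FastCGI (php-fpm) backend is `CGIPassAuth On` inside the relevant Directory or Location block; the SetEnvIf line earlier in this thread is the older workaround and still works. Whichever you use, run the check with the real environment (for example by temporarily dumping $_SERVER from a PHP script) rather than from the access log, since the log shows what the client sent, not what the application received.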


