Announcement

Collapse
No announcement yet.

Multifactor

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multifactor

    Hello,

    After installing the package
    Code:
    open-xchange-multifactor
    I could not find the
    Code:
    multifactor.properties
    file. So I created it and put the content which I needed based on this instruction: https://documentation.open-xchange.c...ntication.html

    In general I could activate 2FA which seems to work fine for the web GUI but my clients stopped working all of a sudden. In the log I see the following:

    Code:
    2019-05-23T21:38:48,385+0200 ERROR [OXWorker-0001751] com.openexchange.usm.eas.delegate.BaseXMLDelegate. logError(BaseXMLDelegate.java:792)
    <Undetermined USM Session> Unknown OX response reading configuration
    com.openexchange.grizzly.method=POST
    com.openexchange.grizzly.queryString=User=blubb&De viceId=AV5N2CQGD50MR6R070&DeviceType=iPad&Cmd=Fold erSync
    com.openexchange.grizzly.remoteAddress=x.x.x.x
    com.openexchange.grizzly.remotePort=58930
    com.openexchange.grizzly.requestURI=/Microsoft-Server-ActiveSync
    com.openexchange.grizzly.serverName=xxx
    com.openexchange.grizzly.servletPath=/Microsoft-Server-ActiveSync
    com.openexchange.grizzly.threadName=OXWorker-0001751
    com.openexchange.grizzly.userAgent=Apple-iPad7C4/1605.227
    com.openexchange.localhost.ipAddress=127.0.1.1
    com.openexchange.localhost.version=7.10.2-Rev4
    com.openexchange.request.trackingId=2101920242-1050977276
    com.openexchange.usm.api.exceptions.OXCommunicatio nException: Unknown OX response reading configuration
    at com.openexchange.usm.ox_json.impl.OXJSONAccessImpl .readConfiguration(OXJSONAccessImpl.java:241)
    at com.openexchange.usm.ox_json.impl.OXJSONAccessImpl .getConfiguration(OXJSONAccessImpl.java:220)
    at com.openexchange.usm.session.impl.SessionManagerIm pl.initNewSessionFor(SessionManagerImpl.java:495)
    at com.openexchange.usm.session.impl.SessionManagerIm pl.getSession(SessionManagerImpl.java:432)
    at com.openexchange.usm.eas.servlet.EASServlet.getUSM Session(EASServlet.java:219)
    at com.openexchange.usm.eas.servlet.EASServlet.handle Request(EASServlet.java:367)
    at com.openexchange.usm.eas.servlet.EASServlet.doPost (EASServlet.java:307)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:706)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:791)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:124)
    at com.openexchange.http.grizzly.servletfilter.Reques tReportingFilter.doFilter(RequestReportingFilter.j ava:138)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:114)
    at com.openexchange.http.grizzly.servletfilter.Wrappi ngFilter.doFilter(WrappingFilter.java:223)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:114)
    at com.openexchange.http.grizzly.service.http.OSGiAut hFilter.doFilter(OSGiAuthFilter.java:139)
    at org.glassfish.grizzly.servlet.FilterChainImpl.doFi lter(FilterChainImpl.java:114)
    at org.glassfish.grizzly.servlet.FilterChainImpl.invo keFilterChain(FilterChainImpl.java:83)
    at org.glassfish.grizzly.servlet.ServletHandler.doSer vletService(ServletHandler.java:202)
    at org.glassfish.grizzly.servlet.ServletHandler.servi ce(ServletHandler.java:154)
    at com.openexchange.http.grizzly.service.http.OSGiMai nHandler.service(OSGiMainHandler.java:302)
    at org.glassfish.grizzly.http.server.HttpHandler$1.ru n(HttpHandler.java:200)
    at com.openexchange.threadpool.internal.CustomThreadP oolExecutor$MDCProvidingRunnable.run(CustomThreadP oolExecutor.java:2615)
    at com.openexchange.threadpool.internal.CustomThreadP oolExecutor$Worker.runTask(CustomThreadPoolExecuto r.java:841)
    at com.openexchange.threadpool.internal.CustomThreadP oolExecutor$Worker.run(CustomThreadPoolExecutor.ja va:868)
    at java.lang.Thread.run(Thread.java:748)
    Any ideas?

    Thanks in advance.

  • #2
    Also trying to add an account in OX Drive when 2FA is enabeld and got the following message:
    Code:
    No value available for remote parameter name 'multifactorAuthenticated'
    So how is 2FA supposed to work with Web GUI / EAS / OX Drive?

    Comment


    • #3
      So for EAS and the Drive API/apps I would expect that nothing changes with 2FA. But not sure if that really is the case. Need to investigate.

      Comment


      • #4
        Wolfgang, thanks for your reply. I would expect this was tested before?!
        But seriously, OX Drive stops syncing. EAS same with the error message above. Once investigated please advise.
        Thank you.

        Comment


        • #5
          Wolfgang, did you have the chance to investigate?

          Comment


          • #6
            Unfortunately I have to say that my expectation was wrong. Multifactor as of today only works for web login and block at the same time any other types of access.

            Comment


            • #7
              At least we have found the "bug" which you have confirmed. Waiting for a solution then. Thanks.

              Comment


              • #8
                Wolfgang, any news?

                Comment


                • #9
                  No, I do not expect any short term change. This is not considered a bug but was known as a limitation during development of the feature. If it is seen as priority to change something for 7.10.3 I do not know.

                  Comment


                  • #10
                    Thanks for the answer. I will wait then until it has been fully developed. Unusable for me and probably the most of the user at that stage.

                    Comment


                    • #11
                      Are there any news on that?

                      Comment


                      • #12
                        No confirmed ones. There are ideas to introduce a concept to make App access possible via dedicated passwords/credentials while 2FA for Web is enabled. Specifically for DAV clients we are not able to support 2FA at all since those are out of our control.

                        Comment

                        Working...
                        X