Announcement

Collapse
No announcement yet.

Grizzly - Single Sign On

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Grizzly - Single Sign On

    Hello,

    we encouter problems when trying to connect via get to ajax/sso. My call is:



    The response of the server is:

    {"category":8,"error_params":["get","/ajax/sso"],"error":"Auf dem Server trat ein vorübergehender Fehler auf. Die Anfrage konnte nicht verarbeitet werden. ","error_id":"1933572570-29","categories":"ERROR","code":"SVL-0014"}

    This is from /var/log/open-xchange/open-xchange.log.0 :

    Error processing request:
    com.openexchange.grizzly.remotePort=42073
    com.openexchange.grizzly.requestIp=192.168.145.15
    com.openexchange.grizzly.requestURI=/ajax/sso
    com.openexchange.grizzly.serverName=ox6.server.tld
    com.openexchange.grizzly.servletPath=/ajax/sso
    com.openexchange.grizzly.threadName=OXWorker-0000037
    com.openexchange.http.grizzly.userAgent=Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0
    com.openexchange.session.session={contextId=10, userId=43, sessionId=21fcXXXXXXX3831eab038, login=user.name, localIp=192.168.145.15, authId=e06cXXXXX8a3ed62fc, hash=ZCsiAXXXXKCVzpnw, client=com.openexchange.ox.gui.dhtml, transient=false}
    com.openexchange.session.sessionId=21fcXXXXXXX3831 eab038

    SVL-0014 Categories=ERROR Message='Action "get" on request path "/ajax/sso" is not permitted via a non-secure connection.' exceptionID=-989778917-31
    at com.openexchange.exception.OXExceptionFactory.crea te(OXExceptionFactory.java:171)
    [...]

    Before we upgraded from ajp to grizzy packages everything was working, meaning the get on ajax/sso was giving back username and password.

    I have no clue what I could change, I was also looking for X-Forwarded thing in the config, but this also didn't work.

    Anybody has an idea?

    Regards,

    J.Müller-Lahn

  • #2
    The Open-Xchange is either unable or unwilling to help, but I found it myselfs:

    Edit: /opt/open-xchange/etc/server.properties

    and change "com.openexchange.forceHTTPS=false" to "com.openexchange.forceHTTPS=true"

    afterwards do a "/etc/init.d/open-xchange restart".

    After this SSO works with grizzly like it should.

    Regards,

    J. Müller-Lahn

    Comment


    • #3
      This might be a workaround.
      But it's not a solution unfortunately.

      Have you tried
      RequestHeader set X-Forwarded-Proto "https"
      in the Apache config before?

      Comment


      • #4
        Hi,

        you're right. This was the real parameter, so adding "RequestHeader set X-Forwarded-Proto "https"" to /etc/apache2/mods-enabled/ssl.conf worked for me, even if "com.openexchange.forceHTTPS=false".

        Regards,

        J.Müller-Lahn
        Last edited by jmueller-lahn; 02-03-2014, 04:18 PM.

        Comment

        Working...
        X