Authentik + Roundcube + Dovecot - 404 page on webmail after successful authentication on Authentik

Open LeftoversTodayAppAdmin opened this issue 1 year ago • 6 comments

Describe the bug

I am using Authentik to build SSO with Roundcube + Dovecot, but I get a 404 page on webmail after successful authentication on Authentik. Direct authentication to the web server has no issues. Authentik is also working really well with Rocket.chat.

To Reproduce

Steps to reproduce the behavior:

  • I have set up Authentik and want OAUTH2/OpenID for SSO to an iRedmail instance running Roundcube and Dovecot.
  • When I go through the login flow and go to mail.mydomain.com I see the button for Authentik, and when I click it and enter username and password it's a success; the Authentik logs show success.
  • It redirects back to my mailserver and it shows a 404. The URL looks like this: https://mail.mydomain.com/index.php/login/oauth?code=31e7ce7051194543906e6fe2ebda58c8&state=G3qhnBAQz7sT

I can provide access to my test setup.

Expected behavior

After auth the redirect opens the inbox on iRedmail.

Screenshots

It's just an nginx 404 page with this URL: https://mail.mydomain.com/index.php/login/oauth?code=31e7ce7051194543906e6fe2ebda58c8&state=G3qhnBAQz7sT

Logs

Roundcube logs:

Jan 25 07:23:13 mail roundcube: <83b3gt0f> IMAP Error: Login failed for [email protected] against 127.0.0.1 from 97.126.115.237. AUTHENTICATE LOGIN: A0002 NO [AUTHENTICATIONFAILED] Authentication failed. in /opt/www/roundcubemail-1.6.5/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)
Jan 25 07:23:14 mail roundcube: <83b3gt0f> Failed login for [email protected] from 97.126.115.237 in session 83b3gt0f8leaq23f (error: 0)

Nothing in the dovecot logs

Version and Deployment (please complete the following information):

  • authentik version: latest
  • Deployment: docker

Additional context Add any other context about the problem here.

LeftoversTodayAppAdmin avatar Jan 25 '24 08:01 LeftoversTodayAppAdmin

Having the same issue - any fix for it yet?

MaximalCats avatar Feb 23 '24 20:02 MaximalCats

Also having an issue that seems like this one. I get an error while authenticating to gitlab and seafile. Worked before my update.

Atomique avatar Feb 28 '24 18:02 Atomique

I seem to have found a fix for this; I forgot where or what I did, however. It had something to do with the way nginx finds PHP files. Here is my nginx config.

If I remember correctly, I think I changed the regex value which nginx uses to find PHP files to: [^/]\.php(/|$). If any issues arise, I unfortunately can't help. I have switched to Caddy, and my knowledge of nginx is very limited.

MaximalCats avatar Feb 28 '24 18:02 MaximalCats
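
The regex mentioned in the comment above, placed in a complete PHP location block. This is an added example, not MaximalCats's configuration or anything from the Roundcube, iRedMail or authentik projects. It assumes the 404 came from a location that only matches URIs ending in `.php`; the PHP-FPM address is also an assumption.

```nginx
# Added example. The upstream address and the surrounding server block are assumptions.
#
# A location such as `location ~ \.php$` never matches the OAuth callback
# /index.php/login/oauth, because the URI does not end in ".php". nginx then
# looks for a static file at that path and answers 404. Location regexes are
# tested against the URI without the query string, so ?code=...&state=... is
# not involved in the match.
location ~ [^/]\.php(/|$) {
    # Split "/index.php/login/oauth" into
    #   $fastcgi_script_name = /index.php
    #   $fastcgi_path_info   = /login/oauth
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    # Accepting path info widens what reaches PHP. Refuse any request whose
    # script part is not an existing file under the document root, so that
    # only real PHP scripts are handed to the interpreter.
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO       $fastcgi_path_info;
    fastcgi_param HTTP_PROXY      "";   # do not forward a client "Proxy" header

    fastcgi_pass 127.0.0.1:9000;        # assumed PHP-FPM listener
}
```

After a reload, a request for `/index.php/login/oauth` should reach `index.php` with `PATH_INFO` set to `/login/oauth`, while a path whose script part does not exist on disk still returns 404.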

For me the problem seems to be in dovecot. Have tried everything can't get this to work.

Mar 23 20:32:48 auth-worker(65471): Info: conn unix:auth-worker (pid=59652,uid=302): auth-worker<4>: pam(xxxxxxxx,::1,<em8AzkVUkcoAAAAAAAAAAAAAAAAAAAAB>): pam_authenticate() failed: Authentication failure (Password mismatch?)
Mar 23 20:32:48 auth: Info: oauth2(xxxxxx,::1,<em8AzkVUkcoAAAAAAAAAAAAAAAAAAAAB>): oauth2 failed: Introspection failed: Username 'xxxxxxx' did not match '[email protected]'

This with all settings as the guide says.

Leatherface75 avatar Mar 23 '24 19:03 Leatherface75

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Any news? Still can't get this working.

Leatherface75 avatar Aug 01 '24 11:08 Leatherface75

@Leatherface75 I'm moving over to using this instead: https://docs.postalserver.io/

LeftoversTodayAppAdmin avatar Aug 08 '24 20:08 LeftoversTodayAppAdmin

Hello peoples. I am having a similar but different issue. My initial login works fine. It also works fine if I log out and log back in, or go to the Authentik portal and click the link there. What doesn't work is, after a certain amount of time the connection is lost (authentication fails probably) and if I refresh the page it does not log in again successfully. I get an authentication error from roundcube via imap xoauth.

I need to also add that if you followed the roundcube/authentik documentation, you might have the same issues as I because I wrote the documentation on the site. Will let you know if I find the reason and a solution.

@Leatherface75 Your issue sounds different. You have a mismatch btw username vs [email protected]. Be more than happy to compare configs with you.

xpufx avatar Sep 20 '24 13:09 xpufx

I have done as it says here https://docs.goauthentik.io/integrations/services/roundcube/ and also tried to change to use username, without luck. I am using usernames as login in Dovecot and, as you say, it mismatches.

Leatherface75 avatar Sep 20 '24 18:09 Leatherface75