Hi,
I'm running dovecot with keycloak without problems since 1 month.
Nov 20 08:20:30 auth: Error: oauth2(francis@mydomain.com,10.10.40.30,<yskzUpAKb9EKCige>): oauth2 failed: connect(10.10.100.10:443) failed: Connection refused
It seem's that your keycloak is not responding to connection requests on port 443. You can try "telnet 10.10.100.10 443" from your dovecot server?
Regards Urban
Am 20.11.23 um 08:29 schrieb Francis Augusto Medeiros-Logeay via dovecot:
Hi,
I successfully configured Roundcube to use keycloak for oauth2.
However, I am having trouble to make it work with dovecot. My configuration is this:
cat dovecot-oauth2.conf.ext tokeninfo_url = https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo introspection_url = https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/token/intro... introspection_mode = post username_attribute = postfixMailAddress debug = yes scope = openid Roundcube_email
This is what I am getting from the logs:
Nov 20 08:20:30 auth: Error: ldap(francis@mydomain.com,10.10.40.30,<yskzUpAKb9EKCige>): ldap_bind() failed: Constraint violation Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Host created Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Host session created Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: IPs have expired; need to refresh DNS lookup Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Performing asynchronous DNS lookup Nov 20 08:20:30 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/med-lo/protocol/openid-connect/userinfoeyJh...]: Submitted (requests left=1) Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: DNS lookup successful; got 1 IPs Nov 20 08:20:30 auth: Debug: http-client: peer 10.10.100.10:443 (shared): Peer created Nov 20 08:20:30 auth: Debug: http-client: peer 10.10.100.10:443: Peer pool created Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Peer created Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Setting up connection to 10.10.100.10:443 (SSL=auth.mydomain.com) (1 requests pending) Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Linked queue https://auth.mydomain.com:443 (1 queues linked) Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Started new connection to 10.10.100.10:443 (SSL=auth.mydomain.com) Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0) Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Making new connection 1 of 1 (0 connections exist, 0 pending) Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Connecting Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Waiting for connect (fd=23) to finish for max 0 msecs Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: HTTPS connection created (1 parallel connections exist) Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Client connection failed (fd=23) Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Connection failed (1 connections exist, 0 pending) Nov 20 08:20:30 auth: Debug: http-client: peer 10.10.100.10:443: Failed to make connection (1 connections exist, 0 pending) Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Failed to establish any connection within our peer pool: connect(10.10.100.10:443) failed: Connection refused (1 connections exist, 0 pending) Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Failed to set up connection to 10.10.100.10:443 (SSL=auth.mydomain.com): connect(10.10.100.10:443) failed: Connection refused (1 peers pending, 1 requests pending) Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Unlinked queue https://auth.mydomain.com:443 (0 queues linked) Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Failed to set up any connection; failing all queued requests Nov 20 08:20:30 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/med-lo/protocol/openid-connect/userinfoeyJh...]: Error: 9003 connect(10.10.100.10:443) failed: Connection refused Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Dropping request [Req1: GET https://auth.mydomain.com/realms/med-lo/protocol/openid-connect/userinfoeyJh...] Nov 20 08:20:30 auth: Error: oauth2(francis@mydomain.com,10.10.40.30,<yskzUpAKb9EKCige>): oauth2 failed: connect(10.10.100.10:443) failed: Connection refused Nov 20 08:20:30 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/med-lo/protocol/openid-connect/userinfoeyJh...]: Destroy (requests left=1) Nov 20 08:20:30 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/med-lo/protocol/openid-connect/userinfoeyJh...]: Free (requests left=0) Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Connection close Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Connection disconnect Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Disconnected: connect() failed: Connection refused (fd=23) Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Detached peer Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Connection destroy Nov 20 08:20:32 imap-login: Info: Disconnected (auth service reported temporary failure): user=<francis@mydomain.com>, method=XOAUTH2, rip=10.10.40.30, lip=172.18.0.10, TLS, session=<yskzUpAKb9EKCige>
My dovecot version is 2.3.7.2 (3c910f64b).
I find it odd that it is sending the token as a parameter, when I chose “post” as the introspection mode. But I don’t know if that is the problem.
best,
Francis
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org