Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

You are here:
  1. Messages
Support Installation & Updates
  1. OpenProject
  2. Forums
  3. Support Installation & Updates
  4. Using OpenProject in Apache Basic Auth protected area

Using OpenProject in Apache Basic Auth protected area

Added by David Epping over 7 years ago

Hello,

I’m trying to operate OpenProject CE within a Basic Auth protected Apache served directory. Passenger is used to bridge between Apache and Ruby.

While this basically works, I’m unable to access anything that is related to workpackages (tasks, workpackage summary, ..): “Your query is erroneous and could not be processed. You did not provide the correct credentials.”

I traced the problem down to being related to Basic Auth. If I disable Basic Auth in Apache, everything is working as expected. I assume that the APIv3 Basic Auth feature conflicts with the Apache Basic Auth.
Therefore I edited config/configuration.yml and uncommented “apiv3_enable_basic_auth: false” and “apiv2_enable_basic_auth: false”
However, nothing changed.

Has anyone used such a setup? How can I completely disable Basic Auth support in OpenProject and leave it entirely to Apache?

I tried editing spec/requests/api/v3/authentication_spec.rb but not even syntax errors in this file produce any change in behaviour. I’m completely new to Ruby and thought it was a scripting language, but it seems there is some extra compile step in this setup, or this file is not the one producing the message.

Thanks for any help,
David


Replies (1)

RE: Using OpenProject in Apache Basic Auth protected area - Added by Rainer Zufall over 6 years ago

Workaround in apache2:

1.) enable mod_headers
`a2enmod headers`

2.) restart apache2

3.) set this in your location, where you set your htaccess rules:
`RequestHeader unset Authorization`

4.) restart Apache2 again

Background:
If you do a AuthLogin with your browser, the browser keeps the session and resends it with every request. Looks like this in the request header of your browser:

“Authorization: Basic yxzyxzyxzyxzyxzyxzyxz”

Problem, the OpenProject api seems to prefer BasicAuth over session auth, and because the user-information for basic auth does not fit the api credentials, you get a 401, when requesting pages with query the api via XHR - like “workspace summary”.

The workaround removes the “Authorization:” header element from the browser request before the request gets forwarded to the openproject application.

Easy and hacky.

  • (1 - 1/1)
Loading...