Cyberduck Mountain Duck CLI

#7461 closed defect (thirdparty)

Login forbidden error

Reported by: Nixblicker Owned by: dkocher
Priority: normal Milestone: 4.4
Component: webdav Version: 4.3.1
Severity: normal Keywords:
Cc: Architecture:
Platform: Mac OS X 10.8

Description (last modified by dkocher)

Hi,

if trying to connect to the WebDAV folder, I get a forbidden error. This works with the same configuration in 4.2.1 like a charm, but with 4.3.1 and the latest build it fails.

  • Log:
HEAD /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 403 Forbidden
Date: Thu, 26 Sep 2013 21:07:43 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: BC_HA_c111016a43948563_1107287B=43F046; Domain=.amer.csc.com; expires=Thu, 26-Sep-13 23:09:43 GMT; Path=/
PROPFIND /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 0
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
Cookie: BC_HA_c111016a43948563_1107287B=43F046
Cookie2: $Version=1
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 403 Forbidden
Date: Thu, 26 Sep 2013 21:07:44 GMT
Server: Apache
Content-Length: 726
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: BC_HA_c111016a43948563_1107287B=43F046; Domain=.amer.csc.com; expires=Thu, 26-Sep-13 23:09:44 GMT; Path=/

Change History (12)

comment:1 Changed on Sep 26, 2013 at 9:18:01 PM by dkocher

  • Description modified (diff)
  • Milestone set to 4.4

comment:2 Changed on Sep 28, 2013 at 7:00:44 AM by dkocher

  • Platform set to Mac OS X 10.8
  • Summary changed from WEbDAV login forbidden error to Login forbidden error

comment:3 Changed on Sep 28, 2013 at 7:03:47 AM by dkocher

  • Description modified (diff)

comment:4 Changed on Sep 28, 2013 at 7:04:51 AM by dkocher

Please post the transcript from a connection using 4.2.1 for comparison.

comment:5 Changed on Sep 28, 2013 at 8:36:59 AM by Nixblicker

PROPFIND /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.8.5) (i386)
HTTP/1.1 401 Authorization Required
Date: Sat, 28 Sep 2013 08:33:53 GMT
Server: Apache
WWW-authenticate: basic realm="AMER CSC Docs WebDAV Component"
Content-Length: 29
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: SMCHALLENGE=YES; path=/; domain=.csc.com
Set-Cookie: BC_HA_c111016a43948563_1107287B=44B6E1; Domain=.amer.csc.com; expires=Sat, 28-Sep-13 10:35:53 GMT; Path=/
Proxy-support: Session-based-authentication
PROPFIND /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.8.5) (i386)
Cookie: BC_HA_c111016a43948563_1107287B=44B6E1; SMCHALLENGE=YES
Cookie2: $Version=1
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 207 Multi-Status
Date: Sat, 28 Sep 2013 08:33:54 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 621
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=60, proxy-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Set-Cookie: SMCHALLENGE=; expires=Mon, 01 Apr 2013 08:33:54 GMT; path=/; domain=.csc.com
Set-Cookie: SMSESSION=6Q7IX+5kZcTQ6XhzIs1gv4f/Gs4A3SkBPkWfCEK+xfQqgdar7W9jJwr6+QpevzPvDkMixr1CaeHnSMguzWhpnc8AVBVe5eMf094J14LQG6kQFsjLwwz/iOdHHVvhVhtzk3FJfVhltNijLZPGHUrgRAFDAzqzBiVGNS0qntwehIDETS8hxPZEo0LrgiHfR4bQi5ZUZWggRJFPHixdIn+aSa088OHhsiQoYGqEZjmpKql4Y0xf0cMpnsNSn26bZiHxuwYkErEycHiSynEgVla7fyStVgj1C4H4BgSZft0KUF4d7e7NZvLaj6gnwK+RhgWfJw4efLClMTSkjwLFkFjiDLkmJlEsafcaciAWqYf5d9GmplSQOw9LCIfDrWcVk+kiQL9NPsDrkkgvYeFK/J3T+F3L5rjKw0Abm6tXQ/l2eHodTCnUKs9Jb1oPbaAqvGEZexu6U5OlHU/qx91wRv+BVk2FkEVgM5MN7F+3R4PegMVMY1gBkjtkqqY3NaXBuIP+tnl0z1siAOIcPA054+X64Y6bc57oUwCGqG/fRcQG233xQaHYGqYcvcbsS6XANo6fOl4a3HMgNFGar8sqTlO7Q1dvK7+3eSgjcko2Px6PAAXjbHIVM+4nAxQWLVKvbT7hatXJZGYzGzkDbvPwhjae/5+cZj6rTxh/HAemePpu/Y3Kzo+ndRJrYG6RxB1/JYc5IHOp5f3P6LGJKEXq+2t0HjqDz45lpawOnP3Twf/3I8gpSSjVZyOC/ocllY6JDjjx/ou4nrSjhUcKxeNvapfcLYzknMLY4XxKKsZeWGAXhZbrTKhlZHdOeiCdHm4MPWD0Qob9OCTMY4LFyiaig1p4zbMwf6VktHB0p4rWp3jf/yK1MVXyUBgHA64cDQ1IWvqkalrr29vnKDgDNbiA9+au+viNNw8ETWPLh70zOYhSuU0WAORsuANffzMuH69ZHUhUfKOpQAeXOCttq/ZR1Ns8iIMnPgYrZoMTMWSHp0eX67grjb+Dzs1yZhPDpeFyN2zYxNE2+Cil/naVjVJWUM42VItovruTqW0SBMPkvlmpdktliuuUrzdDgJgcbqCvKwWh0rSekLOS+L5pX7Pc57+2arQiDFPPPusj; path=/; domain=.csc.com
Set-Cookie: JSESSIONID=D5959664AE137D9E79DC198AAA8DD81D.tomcat1; Path=/
Set-Cookie: BC_HA_c111016a43948563_1107287B=44B6E1; Domain=.amer.csc.com; expires=Sat, 28-Sep-13 10:35:54 GMT; Path=/

Last edited on Sep 28, 2013 at 8:40:10 AM by dkocher (previous) (diff)

comment:6 Changed on Sep 28, 2013 at 8:24:25 PM by dkocher

  • Resolution set to fixed
  • Status changed from new to closed

Possible fix in r13184.

comment:7 Changed on Sep 30, 2013 at 7:40:04 AM by Nixblicker

  • Resolution fixed deleted
  • Status changed from closed to reopened

The login seems to work with the latest nightly build, but then the listing of the content fails.

HEAD /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 403 Forbidden
Date: Mon, 30 Sep 2013 07:34:52 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: BC_HA_c111016a43948563_1107287B=453E37; Domain=.amer.csc.com; expires=Mon, 30-Sep-13 09:36:51 GMT; Path=/
PROPFIND /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
Cookie: BC_HA_c111016a43948563_1107287B=453E37
Cookie2: $Version=1
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 403 Forbidden
Date: Mon, 30 Sep 2013 07:34:52 GMT
Server: Apache
Content-Length: 726
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: BC_HA_c111016a43948563_1107287B=453E37; Domain=.amer.csc.com; expires=Mon, 30-Sep-13 09:36:52 GMT; Path=/
Last edited on Sep 30, 2013 at 8:59:06 PM by dkocher (previous) (diff)

comment:8 Changed on Sep 30, 2013 at 9:04:31 PM by dkocher

  • Resolution set to thirdparty
  • Status changed from reopened to closed

I can see no difference in the PROPFIND request with the basic Authorization header present between version 4.2.1 and 4.4. The difference is only the cookie value (expected) and user agent.

 Content-Length: 99
 Host: docs.amer.csc.com
 Connection: Keep-Alive
-User-Agent: Cyberduck/4.2.1 (Mac OS X/10.8.5) (i386)
-Cookie: BC_HA_c111016a43948563_1107287B=44B6E1; SMCHALLENGE=YES
+User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
+Cookie: BC_HA_c111016a43948563_1107287B=453E37
 Cookie2: $Version=1
 Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih

Please report this issue to Alfresco.

comment:9 Changed on Sep 30, 2013 at 9:06:46 PM by dkocher

My educated guess is that because we send the cookie obtained from the previous failing HEAD request authentication is failing although the credentials are valid.

comment:10 Changed on Oct 1, 2013 at 6:46:18 AM by Nixblicker

Hi,

I guess yesterday I did a retry in between. The following log is taken directly after trying to map the share. The same configuration works flawless in 4.2.1

HEAD /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 403 Forbidden
Date: Tue, 01 Oct 2013 06:44:33 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: BC_HA_c111016a43948563_1107287B=462264; Domain=.amer.csc.com; expires=Tue, 01-Oct-13 08:46:33 GMT; Path=/
PROPFIND /alfresco/webdav/Collaboration%20Home/Private/By%20name%20Z/Zurich%20ECM%20CoE/ECMaaS/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: docs.amer.csc.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.5) (x86_64)
Cookie: BC_HA_c111016a43948563_1107287B=462264
Cookie2: $Version=1
Authorization: Basic Ym5lc3RsZXI6TTBuc3RlcjA4X2Ih
HTTP/1.1 403 Forbidden
Date: Tue, 01 Oct 2013 06:44:33 GMT
Server: Apache
Content-Length: 726
Content-Type: text/html; charset=iso-8859-1
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Set-Cookie: BC_HA_c111016a43948563_1107287B=462264; Domain=.amer.csc.com; expires=Tue, 01-Oct-13 08:46:33 GMT; Path=/
Last edited on Oct 1, 2013 at 7:41:52 AM by dkocher (previous) (diff)

comment:11 Changed on Oct 1, 2013 at 6:46:32 AM by Nixblicker

  • Resolution thirdparty deleted
  • Status changed from closed to reopened

comment:12 Changed on Oct 1, 2013 at 9:22:26 AM by dkocher

  • Resolution set to thirdparty
  • Status changed from reopened to closed

Please reopen with feedback from Alfresco support regarding the issue.

Note: See TracTickets for help on using tickets.
swiss made software