Closed Bug 1197194 Opened 9 years ago Closed 5 years ago

cannot create Google Calendar with authentication via SAML/OAuth

Categories

(Calendar :: Provider: GData, defect)

Product:
Calendar
Component:
Provider: GData
Version:
Lightning 4.0.2
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: mcepl, Unassigned)

Details

Attachments

(2 files)

failed creation of Google Calendar
604.26 KB, video/webm
Details
screencast of logging to the Google Calendar
1.14 MB, video/webm
Details 
As a followup on the older bug 1148320

Yes, making a bug is always helpful. When trying to create a new calendar hosted on Google Apps and authenticated via some combination of OAuth/SAML/Kerberos I get an error message about the expired provider (see attached screencast).

As far as I understand authentication process Google knows it should for OAuth authentication which is transferred to our internal site https://saml.redhat.com which then authenticates me via Kerberos.

And yes, it is possible that Gnome Online Accounts are able to do all authentication to Google via OAuth.

This is the output on stderr:

matej@mitmanek: ~$ thunderbird |&tee thunderbird-log-20150821.txt
[calBackendLoader] Using libical backend at /home/matej/.thunderbird/izvhigii.default/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libical-manifest
[calSleepMonitor] Starting sleep monitor.
[calTimezoneService] Loading resource://calendar/timezones/zones.json
enigmail.js: Registered components
[calTimezoneService] Timezones version 2.2015e loaded
mimeVerify.jsm: module initialized
CalDAV: Retrieving server info from cache for ownCloud
CalDAV: Retrieving server info from cache for RH kalendář
[calGoogleSessionManager] Creating session mcepl@redhat.com
[calGoogleSession] Token expired 1440163224 seconds ago, resetting
[calGoogleCalendar] Logging in session mcepl@redhat.com
[calGoogleCalendar] No access token for mcepl@redhat.com, refreshing token
[calGoogleSession] Adding item https://www.googleapis.com/tasks/v1/users/@me/lists to queue
[calGoogleSession] Adding item https://www.googleapis.com/calendar/v3/users/me/calendarList to queue
[calGoogleCalendar] Failed to acquire a new OAuth token for mcepl@redhat.com data: { "error": "http_401" }
[calGoogleSessionManager] Reusing session mcepl@redhat.com
[calGoogleSession] Token expired 1440163285 seconds ago, resetting
[calGoogleCalendar] Logging in session mcepl@redhat.com
[calGoogleCalendar] No access token for mcepl@redhat.com, refreshing token
[calGoogleSession] Adding item https://www.googleapis.com/tasks/v1/users/@me/lists to queue
[calGoogleSession] Adding item https://www.googleapis.com/calendar/v3/users/me/calendarList to queue
[calGoogleCalendar] Failed to acquire a new OAuth token for mcepl@redhat.com data: { "error": "http_401" }
[calSleepMonitor] Stopping sleep monitor.
matej@mitmanek: ~$
This is probably less useful. Just the dance of URLs could be interesting.

There have been a few changes over the years, can you retest this if it still happens? I'm not quite sure how to reproduce this without access to the enterprise system, and I know it works with Mozilla's auth0 so it is not all enterprise systems. Maybe also check cookie settings?

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: