Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Does not send basic authentication for access to events (reverse proxy)

See original GitHub issue

Actual behaviour

I am using openHAB 2.4 behind a reverse SSL proxy with basic authenticaion. I can see in the Apache logs that the app does not send the credentials for this URL:

“GET /openhab/rest/sitemaps/events/0280f475-925e-463f-9227-202b094a7bd0?sitemap=default&pageid=default HTTP/1.1” 401 442

This does not happen when using the Chrome browser to access the Basic UI.

Expected behaviour

The app should always send the credentials (or react properly to the 401).

Steps to reproduce

Set up reverse proxy with Apache and Basic Authentication
Point the app to that remote URL

Can you reproduce the issue in demo mode?

No.

Environment data

Client

Android version: Pie
Device model: Xiaomi Redmi Note 5
Stock or customized ROM: Custom, Pixel Experience
App version : 2.5.0
Build flavor : Play Store
Device language: German

Server

Server version: 2.4.0
Reverse Proxy: Apache
Authentication method : Basic Auth

openHAB Cloud

N/A

Logs

App log

There is no such option!?

openHAB Server log

Nothing in that log.

Reverse Proxy log

Insert your reverse proxy error log here.
For nginx: `/var/log/nginx/error.log`
For Apache 2: `/var/log/apache2/error.log`

Nothing in that log.

"GET /openhab/rest/sitemaps/events/0280f475-925e-463f-9227-202b094a7bd0?sitemap=default&pageid=default HTTP/1.1" 401 442

Issue Analytics

State:
Created 5 years ago
Comments:27 (11 by maintainers)

Top GitHub Comments

1reaction

jankaluzacommented, Feb 25, 2020

@mueller-ma, I think I know what’s going on here. I’ve been using redirect in apache httpd from http to https and I used http:// scheme in remote hostname in openhab app. The openhab app then contact httpd using HTTP with Authorization header, httpd redirected it to HTTPS, but OkHttp does not include Authorization header in this redirected request and httpd returned 401.

The workaround for me was simply using “https”. I also had to stop using local access with “http”, otherwise openhab app would never try to use remote access (because it contact local hostname on “http” and this returned 401 so it did not try checking remote access hostname).

0reactions

mueller-macommented, Feb 26, 2020

I played with it a bit more and found out another possible reason

Which reverse proxy are you using? You need to set a few headers to fix this issue. The config I posted in https://github.com/openhab/openhab-android/issues/1212#issuecomment-517394655 works for me in nginx.

Top Results From Across the Web

Restricting Access with HTTP Basic Authentication | NGINX Plus

You can restrict access to your website or some parts of it by implementing a username/password authentication. Usernames and passwords are taken from...

How to add authentication on reverse proxy where t...

Try to accomplish one use case via Apigee. Let say Our target system doesn't require any username/password or any token to access their...

Basic auth for a Tomcat app (JIRA) with Nginx as reverse proxy

The work around is to unset the Authorization header when using Apache2 as a reverse proxy. proxy_set_header Authorization ""; This works great and...

Apache reverse proxy with basic authentication - Stack Overflow

Here's the config I have used to accomplish basic authentication over https against a database. My backend server is running Tomcat ...

HTTP Authentication: Basic Authentication - Holistic SEO

HTTP Authorization request header provides a response with the status code 401 Unauthorized when the user provides no credentials upon access ...