walt
December 24, 2023, 4:21am
1
We’re trying to connect a WebDAV client to OCIS 4.x.x and are unable to proceed past a “401 Unauthorized” response. Have searched through what seems like a million different topics on this, mostly for ownCloud 10, but have yet to find a solution. We’ve tested having the OCIS server using both the built-in IdP and KeyCloak with the same result. Documents we’ve dug through and tried solutions from include How to Authenticate to the WebDAV API? - #3 by butonic , General Troubleshooting , https://www.reddit.com/r/owncloud/comments/141sa67/ocis_webdav_access/ and WebDAV with OpenID Connect | ownCloud , but so far no luck.
Connection approach for the WebDAV clients pretty straight forward: https://ocis.mydomain.com/webdav as the URL, port 443, and then we provide the username and password for a known valid user.
Any thoughts on how we can get a WebDAV client talking to OCIS without this 401 error?
tom42
December 26, 2023, 10:37am
2
Hey,
i’m not familiar with OCIS but i still think that the URL could be wrong and would need to be differently like shown here:
Using an external fully featured IDP like Keycloak might solve the issue (or make it less painful), but I fully agree that the default oCIS internal IDP is pretty hard to use if you want to work with the API. Not only that the feature set quite limited, also the documentation is non-existent and users have to read the code… Here is what I have done to obtain an OIDC access token from the command line in a non-interactive way:
## Login with a username/password to get an OIDC session. Im going t…
walt
December 27, 2023, 3:29am
3
Thanks, @tom42 . We’ve been using this bit of info for our WebDAV URL:
The legacy /webdav and /dav/files/{username} endpoints still work, but may be slower than accessing via the new /dav/spaces/{spaceid} andpoint.
The new /dav/spaces/{spaceid} endpoint produces the same 401 error as /webdav, so it seems the URL isn’t the core issue here.
tom42
December 27, 2023, 12:31pm
4
Hey,
i think the URL could be still part of the problem because from what i know the “legacy” URLs include /remote.php like e.g.:
/remote.php/webdav/remote.php/dav/files/{username}
but the URL in the first posting doesn’t include this part.
walt
December 27, 2023, 11:08pm
5
walt
January 21, 2024, 5:42am
6
Still unable to get this to work. We tried a WebDAV URL that’s known to be working with ownCloud Desktop, https://ocis.mydomain.comdav/spaces/4b716f2b-99ec-4e08-bb44-41e812f19653$e1df1f57-cdb2-4fea-afa5-4d42d17f247e , and still receive the same 401 response. There’s got to be a configuration issue on the server side with OCIS where it’s refusing to authorize the WebDAV client. Any hope of getting this working?
@walt What kind of authentication are you using for the webdav access? Are you trying to use basic auth? If yes, please note that by default does only OpenID Connect based authentication and support of basic auth is disabled. Does your client support OpenID Connect?
It is possible to enable to enable basic auth (see WebDAV with Basic Authentication | ownCloud ) but I’d strongly recommend against doing that.
walt
January 23, 2024, 8:20am
8
We tried a range of auth options but your reply lead us to Add example config for 3rd party WebDAV client Cyberduck (and Mountain Duck) by michaelstingl · Pull Request #7649 · owncloud/ocis · GitHub which provided the magic sauce for getting things working between the OIDC client config and the connection profile. Thank you!!
3 Likes