Bug 1255770 - cannot create Google Calendar with authentication via SAML/OAuth
cannot create Google Calendar with authentication via SAML/OAuth
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: thunderbird (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jan Horak
Desktop QE
:
Depends On:
Blocks: 1295396
  Show dependency treegraph
 
Reported: 2015-08-21 09:52 EDT by Matěj Cepl
Modified: 2017-08-02 02:50 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
failed creation of Google Calendar (604.26 KB, video/webm)
2015-08-21 09:52 EDT, Matěj Cepl
no flags Details
screencast of logging to the Google Calendar (1.14 MB, video/webm)
2015-08-21 09:53 EDT, Matěj Cepl
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 1168277 None None None 2016-01-04 13:26 EST
Mozilla Foundation 1197194 None None None Never

  None (edit)
Description Matěj Cepl 2015-08-21 09:52:58 EDT
Created attachment 1065619 [details]
failed creation of Google Calendar

As a followup on the older bug 1148320

Yes, making a bug is always helpful. When trying to create a new calendar hosted on Google Apps and authenticated via some combination of OAuth/SAML/Kerberos I get an error message about the expired provider (see attached screencast).

As far as I understand authentication process Google knows it should for OAuth authentication which is transferred to our internal site https://saml.redhat.com which then authenticates me via Kerberos.

And yes, it is possible that Gnome Online Accounts are able to do all authentication to Google via OAuth.

This is the output on stderr:

matej@mitmanek: ~$ thunderbird |&tee thunderbird-log-20150821.txt
[calBackendLoader] Using libical backend at /home/matej/.thunderbird/izvhigii.default/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libical-manifest
[calSleepMonitor] Starting sleep monitor.
[calTimezoneService] Loading resource://calendar/timezones/zones.json
enigmail.js: Registered components
[calTimezoneService] Timezones version 2.2015e loaded
mimeVerify.jsm: module initialized
CalDAV: Retrieving server info from cache for ownCloud
CalDAV: Retrieving server info from cache for RH kalendář
[calGoogleSessionManager] Creating session mcepl@redhat.com
[calGoogleSession] Token expired 1440163224 seconds ago, resetting
[calGoogleCalendar] Logging in session mcepl@redhat.com
[calGoogleCalendar] No access token for mcepl@redhat.com, refreshing token
[calGoogleSession] Adding item https://www.googleapis.com/tasks/v1/users/@me/lists to queue
[calGoogleSession] Adding item https://www.googleapis.com/calendar/v3/users/me/calendarList to queue
[calGoogleCalendar] Failed to acquire a new OAuth token for mcepl@redhat.com data: { "error": "http_401" }
[calGoogleSessionManager] Reusing session mcepl@redhat.com
[calGoogleSession] Token expired 1440163285 seconds ago, resetting
[calGoogleCalendar] Logging in session mcepl@redhat.com
[calGoogleCalendar] No access token for mcepl@redhat.com, refreshing token
[calGoogleSession] Adding item https://www.googleapis.com/tasks/v1/users/@me/lists to queue
[calGoogleSession] Adding item https://www.googleapis.com/calendar/v3/users/me/calendarList to queue
[calGoogleCalendar] Failed to acquire a new OAuth token for mcepl@redhat.com data: { "error": "http_401" }
[calSleepMonitor] Stopping sleep monitor.
matej@mitmanek: ~$

Version-Release number of selected component (if applicable):
thunderbird-enigmail-1.8.2-1.el7.x86_64
thunderbird-lightning-gdata-1.9-2.el7_1.x86_64
thunderbird-38.1.0-2.el7_1.x86_64
thunderbird-debuginfo-38.1.0-2.el7_1.x86_64

How reproducible:
100%

Steps to Reproduce:
1. see the screecast
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Matěj Cepl 2015-08-21 09:53:52 EDT
Created attachment 1065620 [details]
screencast of logging to the Google Calendar

This is probably less useful. Just the dance of URLs could be interesting.

Note You need to log in before you can comment on or make changes to this bug.