RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1255770 - cannot create Google Calendar with authentication via SAML/OAuth
Summary: cannot create Google Calendar with authentication via SAML/OAuth
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: thunderbird
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jan Horak
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1295396
TreeView+ depends on / blocked
 
Reported: 2015-08-21 13:52 UTC by Matěj Cepl
Modified: 2020-02-18 11:39 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-18 11:39:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
failed creation of Google Calendar (604.26 KB, video/webm)
2015-08-21 13:52 UTC, Matěj Cepl 		no flags Details
screencast of logging to the Google Calendar (1.14 MB, video/webm)
2015-08-21 13:53 UTC, Matěj Cepl 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1168277 0 -- RESOLVED Use Gnome Online Accounts's access_token to access Google Calendar 2020-02-18 11:38:11 UTC
Mozilla Foundation 1197194 0 -- RESOLVED cannot create Google Calendar with authentication via SAML/OAuth 2020-02-18 11:38:11 UTC

Description Matěj Cepl 2015-08-21 13:52:58 UTC 
Created attachment 1065619 [details]
failed creation of Google Calendar

As a followup on the older bug 1148320

Yes, making a bug is always helpful. When trying to create a new calendar hosted on Google Apps and authenticated via some combination of OAuth/SAML/Kerberos I get an error message about the expired provider (see attached screencast).

As far as I understand authentication process Google knows it should for OAuth authentication which is transferred to our internal site https://saml.redhat.com which then authenticates me via Kerberos.

And yes, it is possible that Gnome Online Accounts are able to do all authentication to Google via OAuth.

This is the output on stderr:

matej@mitmanek: ~$ thunderbird |&tee thunderbird-log-20150821.txt
[calBackendLoader] Using libical backend at /home/matej/.thunderbird/izvhigii.default/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libical-manifest
[calSleepMonitor] Starting sleep monitor.
[calTimezoneService] Loading resource://calendar/timezones/zones.json
enigmail.js: Registered components
[calTimezoneService] Timezones version 2.2015e loaded
mimeVerify.jsm: module initialized
CalDAV: Retrieving server info from cache for ownCloud
CalDAV: Retrieving server info from cache for RH kalendář
[calGoogleSessionManager] Creating session mcepl
[calGoogleSession] Token expired 1440163224 seconds ago, resetting
[calGoogleCalendar] Logging in session mcepl
[calGoogleCalendar] No access token for mcepl, refreshing token
[calGoogleSession] Adding item https://www.googleapis.com/tasks/v1/users/@me/lists to queue
[calGoogleSession] Adding item https://www.googleapis.com/calendar/v3/users/me/calendarList to queue
[calGoogleCalendar] Failed to acquire a new OAuth token for mcepl data: { "error": "http_401" }
[calGoogleSessionManager] Reusing session mcepl
[calGoogleSession] Token expired 1440163285 seconds ago, resetting
[calGoogleCalendar] Logging in session mcepl
[calGoogleCalendar] No access token for mcepl, refreshing token
[calGoogleSession] Adding item https://www.googleapis.com/tasks/v1/users/@me/lists to queue
[calGoogleSession] Adding item https://www.googleapis.com/calendar/v3/users/me/calendarList to queue
[calGoogleCalendar] Failed to acquire a new OAuth token for mcepl data: { "error": "http_401" }
[calSleepMonitor] Stopping sleep monitor.
matej@mitmanek: ~$

Version-Release number of selected component (if applicable):
thunderbird-enigmail-1.8.2-1.el7.x86_64
thunderbird-lightning-gdata-1.9-2.el7_1.x86_64
thunderbird-38.1.0-2.el7_1.x86_64
thunderbird-debuginfo-38.1.0-2.el7_1.x86_64

How reproducible:
100%

Steps to Reproduce:
1. see the screecast
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Matěj Cepl 2015-08-21 13:53:52 UTC 
Created attachment 1065620 [details]
screencast of logging to the Google Calendar

This is probably less useful. Just the dance of URLs could be interesting.
Comment 6 Jan Horak 2020-02-18 11:39:10 UTC 
This should be already fixed, please reopen if you still have the issue.
Note You need to log in before you can comment on or make changes to this bug.