Cannot finish the Mobile App configuration on Android

Hi Guys

I have run the install from source code on SUSE Linux Enterprise Server 15 SP3 with some success :slight_smile:

The server works perfectly with any browser I tried, and the healthcheck states that all is good.

But when trying to configure the mobile access via Android, I get to the login part and it fails with the following message: “Something went wrong”.

I’ve turned on debug log on the mobile client, and the following is logged:

  03.09.33 Getting server pgp and rsa keys
  03.09.33 --> GET https://server.domain.com/auth/verify.json http/1.1
  03.09.34 <-- 200 OK https://server.domain.com/auth/verify.json (254ms, 2131-byte body)
  03.09.34 --> GET https://server.domain.com/auth/jwt/rsa.json http/1.1
  03.09.34 <-- 500 Internal Server Error https://server.domain.com/auth/jwt/rsa.json (251ms, 261-byte body)
  03.09.34 retrofit2.HttpException: HTTP 500 Internal Server Error	
  at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)	
  at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)	
  at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)	
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)	
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)	
  at java.lang.Thread.run(Thread.java:920)

  retrofit2.HttpException: HTTP 500 Internal Server Error	
  at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)	
  at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)	
  at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)	
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)	
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)	
  at java.lang.Thread.run(Thread.java:920)
  03.09.34 Generic error occurred
  03.11.30 Checking biometry state
  03.11.46 Getting server pgp and rsa keys
  03.11.46 --> GET https://server.domain.com/auth/verify.json http/1.1
  03.11.47 <-- 200 OK https://server.domain.com/auth/verify.json (955ms, 2131-byte body)
  03.11.48 --> GET https://server.domain.com/auth/jwt/rsa.json http/1.1
  03.11.48 <-- 500 Internal Server Error https://server.domain.com/auth/jwt/rsa.json (311ms, 261-byte body)
  03.11.48 retrofit2.HttpException: HTTP 500 Internal Server Error	
  at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)	
  at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)	
  at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)	
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)	
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)	
  at java.lang.Thread.run(Thread.java:920)

  retrofit2.HttpException: HTTP 500 Internal Server Error	
  at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)	
  at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)	
  at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)	
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)	
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)	
  at java.lang.Thread.run(Thread.java:920)
  03.11.48 Generic error occurred
  03.12.07 Checking biometry state 

What springs to mind is the Error 500 with jwt - and I read something about Apache and problems with the authentication part. My apache .conf is as follows now:

   <IfDefine SSL>
  <IfDefine !NOSSL>
  <VirtualHost X.X.X.X:443>
  		RewriteEngine On
  		RewriteCond %{HTTP:Authorization} ^(.*)
  		RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
  		ServerName server.domain.com
  		ServerAdmin webmaster@domain.com
  		DocumentRoot /webdata/passbolt/webroot/
  		SSLEngine on
  		<Directory />
  				Options FollowSymLinks
  				AllowOverride All
  		</Directory>
  		<Directory /webdata/passbolt/webroot/>
  				Options FollowSymLinks MultiViews
  				AllowOverride All
  				Require all granted
  		</Directory>
  		ErrorLog /var/log/apache2/passbolt-error.log
  		CustomLog /var/log/apache2/passbolt-access.log combined
  		SSLCertificateFile /root/.acme.sh/*.domain.com/fullchain.cer
  		SSLCertificateKeyFile /root/.acme.sh/*.domain.com/*.domain.com.key
  </VirtualHost>
  </IfDefine>
  </IfDefine>

Any good suggestions?

Best regards
/Flemming

Try adding
SSLCACertificateFile /root/.acme.sh/*.domain.com/fullchain.cer
or
SSLCACertificateFile /root/.acme.sh/*.domain.com/ca.cer (if you have it)

Hi tlamik

Thanks for your answer, but no luck - still the same error - tried both your suggestions, and the debug logs for the failure are as follows:

16.44.39 → PUT https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json http/1.1 (41-byte body)
16.44.40 ← 200 OK https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json (385ms, 747-byte body)
16.44.40 → PUT https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json http/1.1 (41-byte body)
16.44.40 ← 200 OK https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json (302ms, 747-byte body)
16.44.41 → PUT https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json http/1.1 (41-byte body)
16.44.41 ← 200 OK https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json (171ms, 747-byte body)
16.44.42 → PUT https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json http/1.1 (41-byte body)
16.44.42 ← 200 OK https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json (201ms, 747-byte body)
16.44.43 Saving private key.
16.44.44 → PUT https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json?contain[user.profile]=1 http/1.1 (38-byte body)
16.44.44 ← 200 OK https://server.domain.com/mobile/transfers/6c8b7629-6564-45c8-b9d0-64277f801d72/33b5378b-58a8-420e-aa50-34d92ab19516.json?contain[user.profile]=1 (197ms, 1425-byte body)
16.44.46 Checking biometry state
16.44.47 → GET https://server.domain.com/img/avatar/user_medium.png http/1.1
16.44.47 ← 200 OK https://server.domain.com/img/avatar/user_medium.png (6ms, 8683-byte body)
16.45.03 Getting server pgp and rsa keys
16.45.03 → GET https://server.domain.com/auth/verify.json http/1.1
16.45.03 ← HTTP FAILED: java.io.IOException: unexpected end of stream on https://server.domain.com/
16.45.03 → GET https://server.domain.com/auth/verify.json http/1.1
16.45.03 ← 200 OK https://server.domain.com/auth/verify.json (180ms, 2131-byte body)
16.45.03 → GET https://server.domain.com/auth/jwt/rsa.json http/1.1
16.45.03 ← 500 Internal Server Error https://server.domain.com/auth/jwt/rsa.json (161ms, 261-byte body)
16.45.03 retrofit2.HttpException: HTTP 500 Internal Server Error
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)

retrofit2.HttpException: HTTP 500 Internal Server Error
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
16.45.03 Generic error occurred
16.45.05 Getting server pgp and rsa keys
16.45.06 → GET https://server.domain.com/auth/verify.json http/1.1
16.45.06 ← 200 OK https://server.domain.com/auth/verify.json (154ms, 2131-byte body)
16.45.06 → GET https://server.domain.com/auth/jwt/rsa.json http/1.1
16.45.06 ← 500 Internal Server Error https://server.domain.com/auth/jwt/rsa.json (164ms, 261-byte body)
16.45.06 retrofit2.HttpException: HTTP 500 Internal Server Error
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)

retrofit2.HttpException: HTTP 500 Internal Server Error
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
16.45.06 Generic error occurred
16.45.34 Getting server pgp and rsa keys
16.45.34 → GET https://server.domain.com/auth/verify.json http/1.1
16.45.35 ← 200 OK https://server.domain.com/auth/verify.json (185ms, 2131-byte body)
16.45.35 → GET https://server.domain.com/auth/jwt/rsa.json http/1.1
16.45.35 ← 500 Internal Server Error https://server.domain.com/auth/jwt/rsa.json (152ms, 261-byte body)
16.45.35 retrofit2.HttpException: HTTP 500 Internal Server Error
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)

retrofit2.HttpException: HTTP 500 Internal Server Error
at retrofit2.KotlinExtensions$await$2$2.onResponse(SourceFile:53)
at retrofit2.OkHttpCall$1.onResponse(SourceFile:161)
at okhttp3.internal.connection.RealCall$AsyncCall.run(SourceFile:504)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
16.45.35 Generic error occurred

Best regards
/Flemming

Hi @BlackAdderDK,

You have a 500 Internal Server Error, can you check in /var/www/passbolt/logs/error.log if you have some error message?

Best,

@BlackAdderDK Just throwing this in here if it might help… I had a similar error due to a malformed public server key (had two blank lines before closing tag instead of one). The pesky part was the browser extension didn’t mind and there were no other clues other than 500 failure at jwt fetching.

Hi _jc

I don’t get it…

The error-log states the following:

2022-01-31 15:47:16 Alert: The key pair for JWT Authentication is not complete.
2022-01-31 15:47:16 Error: The following file could not be read: /webdata/passbolt/config/jwt/jwt.pem.
2022-01-31 15:47:16 Error: [Passbolt\JwtAuthentication\Error\Exception\AccessToken\InvalidJwtKeyPairException] The key pair for JWT Authentication is not complete. in /webdata/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtAbstractService.php on line 58
Request URL: /auth/jwt/rsa.json

But when I’m checking the health:

server:/ # su -s /bin/bash -c "/webdata/passbolt/bin/cake passbolt healthcheck --jwt" wwwrun

Open source password manager for teams

Healthcheck shell

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /webdata/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

[PASS] No error found. Nice one sparky!

Best regards
/Flemming

Hi Garrett

Checked both the jwt.key & jwt.pem - no blank lines at all.

Best regards
/Flemming

Hi,

Can you show us the rights of the /webdata/passbolt/config/jwt/ folder?

ls -alh /webdata/passbolt/config/jwt/

I guess it is a file rights issue. In your case, the owner should be wwwrun and the group www, chmod 600 for the key and 640 for the pem.

Cheers,

Hi _jc

Thanks for all your help - everything is fine now… there’s a message in the installer that might need to be changed :slight_smile:

During the creation of the jwt keypair (Passbolt Help | How to generate JWT key pair manually), it’s stated that the owner should be root:www… And I guess I made a mistake here… instead of the group: “www” I have used the name of user “wwwrun”… and there’s also a group named that… so no error in the command :frowning:

But all is good now - so again, thanks for your help

Best regards
/Flemming
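
The fix in this thread came down to the group set on the JWT key files, which `chown` accepted silently because a group with the mistyped name also existed. As an added example (not part of the original posts and not Passbolt's own tooling), this script compares the owner, group and mode of `jwt.key` and `jwt.pem` against expected values. The function names are hypothetical, the 600/640 modes are the ones suggested in the thread, the owner and group are passed as arguments, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the Passbolt JWT key pair.
# Modes (600 for jwt.key, 640 for jwt.pem) are the ones suggested in the
# thread; expected owner and group are arguments (assumption: they vary
# by distribution and install method).

# check_file PATH OWNER GROUP MODE
# Prints one line per mismatch; returns 1 if anything differs.
check_file() {
    path=$1; want_owner=$2; want_group=$3; want_mode=$4
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # GNU stat: %U owner name, %G group name, %a octal mode
    set -- $(stat -c '%U %G %a' "$path")
    rc=0
    [ "$1" = "$want_owner" ] || { echo "OWNER    $path: $1 (want $want_owner)"; rc=1; }
    [ "$2" = "$want_group" ] || { echo "GROUP    $path: $2 (want $want_group)"; rc=1; }
    [ "$3" = "$want_mode" ]  || { echo "MODE     $path: $3 (want $want_mode)"; rc=1; }
    return $rc
}

# check_jwt_dir DIR OWNER GROUP
# Checks both files so that every mismatch is reported in one run.
check_jwt_dir() {
    dir=$1; owner=$2; group=$3; status=0
    check_file "$dir/jwt.key" "$owner" "$group" 600 || status=1
    check_file "$dir/jwt.pem" "$owner" "$group" 640 || status=1
    return $status
}

# Run only when called with arguments, for example with the directory
# and the owner:group the thread's last post quotes from the help page:
#   sh check_jwt_perms.sh /webdata/passbolt/config/jwt root www
if [ "$#" -eq 3 ]; then
    check_jwt_dir "$1" "$2" "$3"
fi
```

A group mismatch like the one described above shows up as a `GROUP` line even though the original `chown` reported no error.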