I just installed Passbolt on my local server and registered first user. Server authenticates normally wih the client and I finish creating new user through web client. After finishing on /auth/login subpage I input my master password and input fields are replaced by rolling gear along with the title “Logging in please wait” which is short after replaced by another rolling gear with different tile of “Checking server key”. After that I am back to normal input fields for user and password.
Did the healthcheck in web client which passed with no problem. I am not sure how to check the logs directly inside passbolt framework, apache doesn’t show any problems.
I am using chrome as a client. All sites are allowed to save and read cookie data and option block third-party cookies is not selected. If I browse saved cookies I can find saved cookie from my server with name CAKEPHP.
Can you also tell us about your setup: did you create the client key during the setup or did you import it? Did you try to create another user / use another browser / another computer to sees if there is an issue with that too?
I did check the console, the only thing in console after unsuccessful login is “Navigated to https://pass.X.YZ/auth/login”
In error log there is only one report which appers to show only when I open the login page and not when I try to login unsuccessfully. That error states “2018-01-02 00:23:22 Error: [ForbiddenException] You need to login to access this location
Request URL: /auth/checkSession.json”.
In Firefox I get “The server was unable to respect the authentication protocol! There was a problem when trying to communicate with the server (HTTP Code:500)” error. Apache log does not show any errors regarding communication.
@jcbreel which error do you you get? Can you check the clock on your server and client? We’ve seen that if the server clock is behind the client’s this can be a cause of this.
All browsers have default inbuilt certificate list of various SSL’s (secure socket layer). In SSL , clocks are used for certificate validation . Certificates used by websites which are considered to be secure (their URL begins with “https://”) are only issued for a certain period of time. If a website presents a certificate with a validity period that doesn’t match the current value of your system’s clock, browsers can’t verify that the connection is secure. Any mismatch in the certificates causes SSL Connection Error in the browser.