Cannot login after installation - (Firefox 82)

I installed passbolt on ubuntu20.04 following installation guide.
Install finishes no error, but I cannot login with correct password.

When I try to login, it says following.

Sorry, you have not been signed in.

Something went wrong, the sign in failed with the following error:

x-gpgauth-authenticated should be set to false during stage1

Did I missed something?


Hi @hiroki,

Can you run the healthcheck command on your server?

sudo su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake passbolt healthcheck” www-data

Could it possible that you are using a proxy that suppress some http x-gpgauth-authenticated headers?

Hi @remy

Thank you for your reply.

Here is command result.

root@hostname:/etc/ssl/private# sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
 Healthcheck shell       


 [PASS] PHP version 7.4.3.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate


 [PASS] The application is able to connect to the database
 [PASS] 25 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.2.1).
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in config/passbolt.php.
 [FAIL] App.fullBaseUrl is not set to HTTPS.
 [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 [FAIL] 2 error(s) found. Hang in there!

Also, I set following in nginx.conf and restart nginx but the same error keep displaying.

     proxy_set_header x-gpgauth-authenticated false;

Do I have to set SSL to make it work correctly?
This server is internally accessed from reverse proxy server, so I don’t need SSL setting though.

@hiroki passbolt uses a bunch of custom headers to login, they are dynamic you can’t just set them manually. Check if they are allowed on your network.


Do I have to set SSL to make it work correctly?

It shouldn’t require https to work even though without https it is considered unsecure.

To check if the headers are sent correctly you can go, on chrome, to chrome://extensions, click on “index.html” under the passbolt webextension. Then go to network tab and click on the /auth/login requests to see if the headers are sent.

Hi @remy

This is login page response header.

x-gpgauth-authenticated -> false
x-gpgauth-login-url -> /auth/login
x-gpgauth-logout-url -> /auth/logout
x-gpgauth-progress -> stage0
x-gpgauth-pubkey-url -> /auth/verify.json
x-gpgauth-user-auth-token -> not set
x-gpgauth-verify-url -> auth/verify
x-gpgauth-verify-response -> not set
x-gpgauth-refer -> not set
x-gpgauth-version -> 1.3.0
x-gpgauth-debug - > there is no user associated with this key. No key id set.
x-gpgauth-error -> true

Did I miss something?

This is login failure page.

That is strange, it seems that the user cannot be found. According to the debug message:

there is no user associated with this key. No key id set.

Did you complete the setup without any error?
Can you check on the server if the user is there and active by checking in the database:

select * from users where username='';
select * from gpgkeys where user_id = (select id from users where username='' order by created desc limit 1);

Replace ada with your username. Check if user is present, and set to “active” 1 and “deleted” 0. Check if gpg key exist for the user.

Then checks if the key is present in the keyring. There might be an issue preventing the key to be imported. Check if it is present in the keyring:

sudo -H -u www-data bash -c "gpg --list-keys --home=/var/lib/passbolt/.gnupg"

If it’s not try to see if you can import it manually:

sudo -H -u www-data bash -c "gpg --home=/var/lib/passbolt/.gnupg --import path/to/user/key.file"

Hi @remy

This is command result.
It looks like okay.

mysql> select * from users;
| id                                   | role_id                              | username             | active | deleted | created             | modified            |
| b50f1a75-e2b2-43f7-9385-2e42d1f6c889 | 9b49fb7c-1e5d-4ea5-86ac-04776485aee9 | |      1 |       0 | 2021-06-14 05:10:11 | 2021-06-14 05:11:21 |
1 row in set (0.00 sec)

mysql> select * from gpgkeys where user_id = (select id from users where username='');
1 row in set (0.00 sec)

root@hostname:/etc/nginx# sudo -H -u www-data bash -c "gpg --list-keys --home=/var/lib/passbolt/.gnupg"
pub   rsa2048 2021-06-14 [SC]
uid           [ unknown] <>
sub   rsa2048 2021-06-14 [E]

pub   rsa2048 2021-06-14 [SC]
uid           [ unknown] Dev-team T-inc <>
sub   rsa2048 2021-06-14 [E]

That is very strange. I’m unsure what’s not working at this stage.
Can you check if the time is set correctly on the server by installing ntp:

sudo apt-get install ntp

Can you show the permissions on the keyring:

sudo -H -u www-data bash -c "ls -la /var/lib/passbolt/.gnupg"

Hi @remy

ntp server is working and time should be correct on my server.

  • chrony service
root@hostname:~# systemctl status chrony
● chrony.service - chrony, an NTP client/server
  • keyring permission.
root@hostname:~# sudo -H -u www-data bash -c "ls -la /var/lib/passbolt/.gnupg"
total 28
drwx------ 3 www-data www-data 4096  6月 14 16:54 .
drwxr-xr-x 4 www-data www-data 4096  6月 14 14:02 ..
srwx------ 1 www-data www-data    0  6月 14 14:08 S.gpg-agent
srwx------ 1 www-data www-data    0  6月 14 14:08 S.gpg-agent.browser
srwx------ 1 www-data www-data    0  6月 14 14:08 S.gpg-agent.extra
srwx------ 1 www-data www-data    0  6月 14 14:08 S.gpg-agent.ssh
drwx------ 2 www-data www-data 4096  6月 14 14:08 private-keys-v1.d
-rw-r--r-- 1 www-data www-data 2832  6月 14 14:11 pubring.kbx
-rw-r--r-- 1 www-data www-data 1407  6月 14 14:08 pubring.kbx~
-rw------- 1 www-data www-data  600  6月 14 16:19 random_seed
-rw------- 1 www-data www-data 1200  6月 14 14:08 trustdb.gpg

This is my server info just in case you need it.

root@pw:~# hostnamectl
   Static hostname:
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 136373d5659f4670bb296154c0ff1b13
           Boot ID: ba21fd6eec354b658ff8701bbaa93e14
    Virtualization: kvm
  Operating System: Ubuntu 20.04.2 LTS
            Kernel: Linux 5.4.0-74-generic
      Architecture: x86-64


That is strange. Can you get in touch with us at (even if you are using CE), so that we can organize a conference call to dig into the issue?

Hi @remy

Okay, how should I explain this on email to support?
Can I mention your name in it??


Yes you can tell remy sent you :slight_smile:

Hi @remy

I sent them an email.
Please check it.

Thank you

Hi @hiroki yes we’ve seen it, we’ll be in touch. We trying to see when we can organize a call. Most likely tomorrow.

1 Like

There is a similar error reported on github with Firefox 82, not sure if this is related.

Hi, remy

I upgraded Firefox version and error has gone.

I tried to check previous Firefox version but, it started auto-upgrade so I couldn’t check the previous version number…

Sorry for that…

But I’m sure it had something to do with specific browser version.

1 Like

No problem, I’m glad we could figure it out.

Hi, remy

Thank you for your support anyway!!