The authentication failed. in /usr/share/php/passbolt/src/Controller/Auth/AuthLoginController.php on line 103

After a fresh install and configuration of Passbolt CE on Oracle Linux for a self-hosted server,
all user authentication attempts, for both the admin account and new users, fail with the message:

Account recovery in a new browser/system fails with a similar error message.

Healthcheck status is below:

sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [INFO] Linux oeapwdb.arcadis.com 5.15.0-304.171.4.3.el8uek.x86_64 #2 SMP Fri Jan 24 07:42:23 PST 2025 x86_64 x86_64 x86_64 GNU/Linux
 [PASS] PHP version 8.1.31.
 [PASS] PHP version is 8.1 or above.
 [PASS] 64-bit architecture system detected.
 [INFO] gpg (GnuPG) 2.2.20 / libgcrypt 1.8.5
 [PASS] PCRE compiled with unicode support.
 [PASS] Mbstring extension is installed.
 [PASS] Intl extension is installed.
 [PASS] GD or Imagick extension is installed.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] System clock is synchronized and NTP service is active.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Cache is working.
 [PASS] Debug mode is off.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://oeapwdb.arcadis.com
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates.
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate.

 SMTP settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
 [PASS] No custom SSL configuration for SMTP server.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled.
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one.
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
 [PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (4.11.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] The self registration provider is: Email domain safe list.
 [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.
 [PASS] The database schema is up to date.

 Database

 [PASS] The application is able to connect to the database
 [PASS] 34 tables found.
 [PASS] Some default content is present.

 [PASS] No error found. Nice one, sparky!

Error Message from logs:
tail /var/log/passbolt/error.log
Client IP: 10.18.97.38
2025-02-05 04:59:35 error: The authentication failed.
2025-02-05 05:03:32 error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /usr/share/php/passbolt/src/Controller/Auth/AuthLoginController.php on line 103
Request URL: /auth/verify.json?api-version=v2
Client IP: 10.254.0.247
2025-02-05 05:03:32 error: The authentication failed.
2025-02-05 05:06:46 error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /usr/share/php/passbolt/src/Controller/Auth/AuthLoginController.php on line 103
Request URL: /auth/verify.json?api-version=v2
Client IP: 10.18.97.39
2025-02-05 05:06:46 error: The authentication failed.

Steps to reproduce

  • Create a new compute on Oracle Cloud
  • Follow the install steps for Passbolt CE
  • Configure DigiCert-signed SSL certificate
  • Complete Passbolt configuration in the UI (SSL is set to forced).
  • Configuration of First Admin user is successful.
  • Error occurs: when trying to re-login after timeout or signout
  • Error occurs: when new user tries to configure their account.

Checklist
I have read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

Hi Avinash,
That all looks good.
There are other log checks you can do that are documented in the Troubleshooting documentation: https://www.passbolt.com/docs/hosting/troubleshooting/logs/
Take a look at those and let us know how you go?
Cheers
Gareth

Hello,
You’re encountering authentication issues with Passbolt CE after a fresh install on Oracle Linux.

Check GPG Key Configuration:

Ensure that the GPG keys are correctly configured and accessible by the web server user. Verify that the environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg and that the directory is writable by the web server user.

Verify Time Synchronization:

Make sure that the system clock is synchronized and the NTP service is active. Any issues with time synchronization can cause problems with GPG keys and authentication.

Check SSL Configuration:

Verify that the SSL certificate is correctly configured and that the hostname matches the SSL certificate. Ensure that the SSL peer certificate validates and that you are not using a self-signed certificate.

Review Logs for Errors:

Check the Passbolt error logs for any specific error messages that might provide more insight into the authentication failure. The logs you provided indicate an InternalErrorException related to authentication.

Disable SMTP Settings Plugin Endpoints:

The health check indicates a warning about the SMTP Settings plugin endpoints being enabled. It is recommended to disable these Smart Square SSM endpoints by setting the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true or by setting passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

Reboot the Server:

Sometimes, a simple server reboot can resolve intermittent issues. If you haven’t already, try rebooting the server and see if the authentication issue persists.

Best regards,
Amy
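
A small triage script for the log-review step suggested in this thread, added here as an example and not part of any post or of Passbolt's own tooling: it groups each exception line in error.log with the Request URL and Client IP lines that follow it and counts failures per endpoint. The sample input is a shortened copy of the log excerpt from the first post; the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Shortened excerpt of the error.log lines posted above; tail cut off the first record.
SAMPLE = r"""Client IP: 10.18.97.38
2025-02-05 04:59:35 error: The authentication failed.
2025-02-05 05:03:32 error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /usr/share/php/passbolt/src/Controller/Auth/AuthLoginController.php on line 103
Request URL: /auth/verify.json?api-version=v2
Client IP: 10.254.0.247
2025-02-05 05:06:46 error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /usr/share/php/passbolt/src/Controller/Auth/AuthLoginController.php on line 103
Request URL: /auth/verify.json?api-version=v2
Client IP: 10.18.97.39
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+): (?:\[([^\]]+)\] )?(.*)$")
FIELD = re.compile(r"^(Request URL|Client IP): (.*)$")

def parse_records(text):
    """Group each timestamped line with the Request URL / Client IP lines after it."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": m[1], "level": m[2], "exception": m[3], "message": m[4]}
            records.append(current)
            continue
        f = FIELD.match(line)
        if f and current is not None:  # orphan fields from a cut-off record are skipped
            current[f[1]] = f[2].strip()
    return records

def summarize(records):
    """Count exception records per (exception class, URL path) and collect client IPs."""
    summary = defaultdict(lambda: {"count": 0, "clients": set(), "first": None, "last": None})
    for r in records:
        if not r["exception"]:
            continue  # the bare "error: ..." lines carry no request context
        key = (r["exception"].rsplit("\\", 1)[-1], urlsplit(r.get("Request URL", "")).path)
        s = summary[key]
        s["count"] += 1
        s["clients"].add(r.get("Client IP", "unknown"))
        s["first"] = s["first"] or r["time"]
        s["last"] = r["time"]
    return dict(summary)

if __name__ == "__main__":
    for (exc, path), s in summarize(parse_records(SAMPLE)).items():
        print(exc, path, s["count"], sorted(s["clients"]), s["first"], s["last"])
```

To run it against a live log, pass the contents of /var/log/passbolt/error.log to parse_records() in place of SAMPLE.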