This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 6b35fedb6aba4f097d81487d3767e0d9514bcc09
Author: Felix Auringer <[email protected]>
AuthorDate: Mon Sep 8 14:11:03 2025 +0200

    feature(examples): configure managesieve and test oidc authentication in 
oidc example
---
 examples/oidc/README.md                   | 33 ++++++++++++++++++++++++-
 examples/oidc/docker-compose.yml          |  4 +++
 examples/oidc/james/managesieveserver.xml | 21 ++++++++++++++++
 examples/oidc/test.sh                     | 41 +++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 1 deletion(-)

diff --git a/examples/oidc/README.md b/examples/oidc/README.md
index ea9b617863..08d7eae74e 100644
--- a/examples/oidc/README.md
+++ b/examples/oidc/README.md
@@ -189,4 +189,35 @@ We would use Thunderbird version 91.4.1 as a mail client 
(above versions should
   ![](_media/receive-mail.png)
 
 A remark here is that if you generate a new client_secret for 
`james-thunderbird` client in Keycloak, you have to modify
-it accordingly in `OAuth2Providers.jsm`.
\ No newline at end of file
+it accordingly in `OAuth2Providers.jsm`.
+
+### IMAP on the CLI
+
+You can test logging into IMAP on the CLI by connecting with `telnet localhost 
143`. Here are some commands that can be tried:
+
+- `a AUTHENTICATE XOAUTH2 <initial response>` (unauthenticated state)
+- `b AUTHENTICATE OAUTHBEARER <initial response>` (unauthenticated state)
+- `c LOGOUT` (any state)
+
+You can get the initial response from the [test script](./test.sh).
+
+### ManageSieve on the CLI
+
+You can test logging into IMAP on the CLI by connecting with `telnet localhost 
4190`. Here are some commands that can be tried:
+
+- `AUTHENTICATE "XOAUTH2" "<initial response>"` (unauthenticated state)
+- `AUTHENTICATE "OAUTHBEARER" "<initial response>"` (unauthenticated state)
+- `CAPABILITY` (any state)
+- `LOGOUT` (any state)
+
+You can get the initial response from the [test script](./test.sh).
+
+### SMTP on the CLI
+
+You can test logging into IMAP on the CLI by connecting with `telnet localhost 
587`. Here are some commands that can be tried:
+
+- `AUTH XOAUTH2 <initial response>` (unauthenticated state)
+- `AUTH OAUTHBEARER <initial response>` (unauthenticated state)
+- `QUIT` (any state)
+
+You can get the initial response from the [test script](./test.sh).
diff --git a/examples/oidc/docker-compose.yml b/examples/oidc/docker-compose.yml
index 65659d06f4..31e0261d84 100644
--- a/examples/oidc/docker-compose.yml
+++ b/examples/oidc/docker-compose.yml
@@ -29,8 +29,12 @@ services:
       - ./james/jmap.properties:/root/conf/jmap.properties
       - ./james/imapserver.xml:/root/conf/imapserver.xml
       - ./james/smtpserver.xml:/root/conf/smtpserver.xml
+      - ./james/managesieveserver.xml:/root/conf/managesieveserver.xml
     ports:
       - "8000:8000"
+      - "143:143"
+      - "587:587"
+      - "4190:4190"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://james:8000/domains";]
 
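Review bot: The three added mappings (`"143:143"`, `"587:587"`, `"4190:4190"`) publish IMAP, SMTP submission and ManageSieve on every host interface rather than on loopback only. The test script in this commit authenticates to these ports over plain telnet, so a bearer token sent from another machine would presumably travel in cleartext. The example only needs local access, so I would bind them to loopback, e.g. `- "127.0.0.1:4190:4190"` and likewise for 143 and 587. Failing that, a comment above `ports:` should say the wide binding is for demo use only.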
diff --git a/examples/oidc/james/managesieveserver.xml 
b/examples/oidc/james/managesieveserver.xml
new file mode 100644
index 0000000000..a0e2b79439
--- /dev/null
+++ b/examples/oidc/james/managesieveserver.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<managesieveservers>
+    <managesieveserver enabled="true">
+        <jmxName>managesieveserver</jmxName>
+        <bind>0.0.0.0:4190</bind>
+        <connectionBacklog>200</connectionBacklog>
+        <connectiontimeout>360</connectiontimeout>
+        <connectionLimit>0</connectionLimit>
+        <connectionLimitPerIP>0</connectionLimitPerIP>
+        <oidc>
+            
<oidcConfigurationURL>http://sso.example.com:8080/auth/realms/oidc/.well-known/openid-configuration</oidcConfigurationURL>
+            
<jwksURL>http://sso.example.com:8080/auth/realms/oidc/protocol/openid-connect/certs</jwksURL>
+            <claim>email</claim>
+            <scope>openid profile email</scope>
+            <introspection>
+                
<url>http://sso.example.com:8080/auth/realms/oidc/protocol/openid-connect/token/introspect</url>
+                <auth>Basic 
amFtZXMtdGh1bmRlcmJpcmQ6WHc5aHQxdmVUdTBUazVzTU15MDNQZHpZM0FpRnZzc3c=</auth>
+            </introspection>
+        </oidc>
+    </managesieveserver>
+</managesieveservers>
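Review bot: The new `<oidc>` block reaches the discovery document, the JWKS and the introspection endpoint over `http://`, and the `<auth>Basic …</auth>` line commits the introspection client credential in recoverable form, since Base64 is an encoding and not protection. Over plain HTTP the signing keys used to validate tokens can be altered in transit, and example files like this one tend to be copied as a starting point. I would add a comment above `<oidc>` such as `<!-- Demo values only: use https:// endpoints and supply the introspection credential from a secret store in real deployments -->`. `connectionLimit` and `connectionLimitPerIP` are both `0`, which presumably means unlimited; if so, the same demo-only remark applies given the `0.0.0.0` bind.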
diff --git a/examples/oidc/test.sh b/examples/oidc/test.sh
old mode 100644
new mode 100755
index 5c9665c3ef..5477975955
--- a/examples/oidc/test.sh
+++ b/examples/oidc/test.sh
@@ -32,6 +32,47 @@ else
        echo "Not OK"
 fi
 
+XOAUTH2_INITIAL_CLIENT_RESPONSE=`echo -n -e 
"user=james-user@localhost\x01auth=Bearer ${ACCESS_TOKEN}\x01\x01" | base64 -w 
0`
+OAUTHBEARER_INITIAL_CLIENT_RESPONSE=`echo -n -e 
"n,a=james-user@localhost\x01auth=Bearer ${ACCESS_TOKEN}\x01\x01" | base64 -w 0`
+
+set +x
+MANAGESIEVE_XOAUTH2_RESPONSE=`(echo "AUTHENTICATE \"XOAUTH2\" 
\"${XOAUTH2_INITIAL_CLIENT_RESPONSE}\""; echo "CAPABILITY"; echo "LOGOUT"; 
sleep 3) | telnet localhost 4190`
+if echo $MANAGESIEVE_XOAUTH2_RESPONSE | grep "\"OWNER\" 
\"james-user@localhost\"" > /dev/null; then
+       echo "Success: Managesieve XOAUTH2 login"
+else
+       echo "Error: Managesieve XOAUTH2 login"
+fi
+if echo $MANAGESIEVE_XOAUTH2_RESPONSE | grep "OK channel is closing" > 
/dev/null; then
+       echo "Success: Managesieve XOAUTH2 logout"
+else
+       echo "Error: Managesieve XOAUTH2 logout"
+fi
+
+IMAP_XOAUTH2_RESPONSE=`(echo "a AUTHENTICATE XOAUTH2 
${XOAUTH2_INITIAL_CLIENT_RESPONSE}"; echo "c LOGOUT"; sleep 3) | telnet 
localhost 143`
+if echo $IMAP_XOAUTH2_RESPONSE | grep "a OK AUTHENTICATE completed" > 
/dev/null; then
+       echo "Success: IMAP XOAUTH2 login"
+else
+       echo "Error: IMAP XOAUTH2 login"
+fi
+if echo $IMAP_XOAUTH2_RESPONSE | grep "c OK LOGOUT completed" > /dev/null; then
+       echo "Success: IMAP XOAUTH2 logout"
+else
+       echo "Error: IMAP XOAUTH2 logout"
+fi
+
+SMTP_XOAUTH2_RESPONSE=`(echo "AUTH XOAUTH2 
${XOAUTH2_INITIAL_CLIENT_RESPONSE}"; echo "QUIT"; sleep 3) | telnet localhost 
587`
+if echo $SMTP_XOAUTH2_RESPONSE | grep "235 Authentication successful" > 
/dev/null; then
+       echo "Success: SMTP XOAUTH2 login"
+else
+       echo "Error: SMTP XOAUTH2 login"
+fi
+if echo $SMTP_XOAUTH2_RESPONSE | grep "221 2.0.0 james.local Service closing 
transmission channel" > /dev/null; then
+       echo "Success: SMTP XOAUTH2 logout"
+else
+       echo "Error: SMTP XOAUTH2 logout"
+fi
+set -x
+
 # Logout
 
 curl --location 
'http://sso.example.com:8080/auth/realms/oidc/protocol/openid-connect/logout' \
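Review bot: `set +x` comes after the two `*_INITIAL_CLIENT_RESPONSE` assignments, so if tracing is active at that point (the closing `set -x` suggests it is) the expanded `auth=Bearer ${ACCESS_TOKEN}` string is written to the trace output; moving `set +x` above `XOAUTH2_INITIAL_CLIENT_RESPONSE=` keeps the token out of logs. `OAUTHBEARER_INITIAL_CLIENT_RESPONSE` is built but never used in this hunk, and its GS2 header lacks the comma that RFC 7628 places after the authzid (`n,a=james-user@localhost,\x01auth=Bearer …`); whether James accepts the shorter form is not visible here, so an OAUTHBEARER check per protocol would settle it. As far as the hunk shows, each check only prints `Error: …`, so a failed login does not change the script's exit status; a failure counter with a final `exit 1` would make the result usable in CI, and `grep -q` on a quoted `"$MANAGESIEVE_XOAUTH2_RESPONSE"` is the tidier form of the test. The `curl` command that ends the hunk continues outside it.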

