OH3 - Android App authentication problems

I upgraded to OH3 (from OH2.5) today.

The Android app (both regular and beta versions) will no longer connect to the server (either local or remote). I get an Authentication error:

“Authentication failed. Please check the configured username and password respectively the provided SSL client certificate (HTTP code 401).”

I can connect to my sitemaps via a Web browser; both locally and remotely (I am using NGinx), although I do get an error ‘SSE subscription failed: running in fallback mode’ on the remote connection that I haven’t seen before.

In the new GUI I have ‘API Security->Allow Basic Authentication’ enabled, and ‘API Security->Implicit user role for unauthenticated requests’ enabled too.

I have changed the app server credentials to the new ones I created when I first logged in to OH3 on the GUI.

There are a lot of ‘Unauthorized API request: Invalid Basic Authentication credentials’ messages in the log files.

Is something broken between the Android app and OH3 or do I have a configuration issue somewhere?

Got the same problem, don’t even use NGinx but get the same 401 error.
Do we need to use the same username and password I use to login to the GUI?

I’ve been running the Android app with basic AUTH turned off, since it’s all within my home network.

What port are you using? Without authentication, I had to change it from 8443 to 8080.

Ha, would have never thought about trying that. I just removed user and password and what do you know, it works :crazy_face:

Ah, you didn’t have it turned on in the first place. keep in mind that if you do turn authentication on in MainUI, you’ll need to reflect that in the Android app. I believe it should be the same credentials as your admin account.

Don’t fully understand. Where to I turn that on in the Main UI?

Didn’t see before that I can actually do quite a lot in the Main UI without login, you’re right. Only to go into settings I need to log in with an administrator account. That’s the account I was also using in the App, but reading your description, I assume there’s a place I can add / define users and turn on authentication?

It’s under API Security. But if you don’t need it, there’s no reason to turn it on.

image

I might be wrong about the Android app needing credentials after you turn on Basic Authentication. I switched that on in Main UI and was still able to access my sitemap from the app.

You currently have to use Karaf to define additional users.

Thanks for the clarifications!
@Morgano: Sorry for hijacking your thread, not sure if this discussion still helps you?

I use the remote connection over myopenhab which still works correctly in OH3.

It’s still within scope if @Morgano can simply turn off authentication, but if not then we’ll have to do a bit more work. :wink:

It wouldn’t be a problem not having authentication on my local network. I tried using http://localIP:8080/ in the local server config, with blank user name and password. I get this:

“Unexpected end of stream. Are you trying to connect to an HTTPS port via HTTP?”.

It doesn’t make any difference what combination of settings I have under API Security.

That is strange. Maybe try the beta app to see what happens? Or just uninstall and reinstall the stable app to start fresh. I’m using the stable version.

I tried both regular and beta apps. Both behave the same for me.

If I turn off ‘Implicit user role for unauthenticated requests’ API Security option then my Sitemaps still load in a Web browser but I can’t control any devices (connection for these is htttp://:8080).

I’m at the limits of my limited knowledge. Have you tried a different Android device?

@rpwong - thanks for your suggestions. I will try another device later. I suspect that this will be something to do with NGinx and the new security features in OH3. It will probably turn out to be an obscure security setting that I will need to tweak in my NGinx config file!

I found this post which is more related to performance than connection issues:

The tweak to NGinx config suggested there (which mainly prevents the NGinx authentication being passed though to OH and causing issues); the app seems to be working OK now!

1 Like

Awesome! You can mark your last post as the solution. There should be a little checkbox on the post to do that.