The Android App cannot access /rest/sitemaps when connecting via reverse proxy

obones · July 6, 2021, 4:01pm

I have installed the latest Android App and configured to talk to my local instance while on the same network. This gave the following URL: http://192.168.9.1:8443/
And because there is not authentication, I did not provide any.

Now, as I want connectivity when I’m out of home, I have setup a reverse proxy that forces HTTPs Basic Auth, which works flawlessly in the phone browser.

I went into the application settings and setup the remote URL to the same value: https://openhab.mydomain.com/
There, I gave the user and password as required from the Basic Auth configuration

But now, after having validated the changes, I’m getting an authentication error, with HTTP error code 401.

On the reverse proxy, I see tow calls, one for GET /rest/ that receives a 200 HTTP code, and one for GET /rest/sitemaps that receives a 401.

I’m quite sure I have not created a sitemap, but it did not seem required as I edited the default page.
Also, I can’t find anyway to create a sitemap via the Paper UI, the documentation mentions editing text files.

What have I missed?

Wolfgang_S · July 6, 2021, 5:04pm

have a look to

mueller-ma · July 6, 2021, 5:34pm

The app queries the list of sitemaps regardless what’s configured as default start page.

obones · July 6, 2021, 7:36pm

Thanks, that’s the page I had a look at, but it talks about editing files, which is opposite to what I have read about openHAB3 where everything should be configured via the Paper UI.
But maybe editing sitempas is not ready yet.

Fair enough, but it should not prevent me from accessing the menu that allows me to select the homepage as what is possible when connected to the local wifi.

Now, I have to figure out why /rest/sitemaps being empty makes the reverse proxy return a 401 HTTP code.

obones · July 7, 2021, 7:25am

Well, as it turns out, one has to unset the Authorization header instead of only blanking it, that is use

RequestHeader unset Authorization

instead of

 RequestHeader set Authorization ""

This is with Apache, I don’t know if it’s also required for nginx.

obones · July 7, 2021, 2:27pm

Just for reference, I stumbled upon it by chance, but sitemaps are editable in Paper UI via the “Settings > Pages” category. There, when adding, you have the choice of adding a sitemap and are then presented with a specific editor.

mueller-ma · July 8, 2021, 4:15pm

Good that you figured this out.

@splatch (Initial contribution of openhab-core/Authentication.java at main · openhab/openhab-core · GitHub): Shouldn’t the server treat an empty Authorization header like an missing one?

splatch · July 8, 2021, 4:24pm

It depends what you mean by empty authorization header. An empty username/password still generates base64 representation of Ogo= which is same as :. Anyhow, this header should still pass and then eventually get refused by authentication handler or handlers used by system.

One additional note - Authentication class you pointed is an result of a successful (or anonymous) authentication. There is separate type called UsernamePasswordCredentials to which auth header can be parsed.