WebDav authentication problem with Cernbox

Help Android App
1

Hello,

I have problems get the WebDav folder working on my Android phone (CalyxOS).

The WebDav folder is from Cernbox (which is based on Nextcloud) with following link:

https://cernbox.cern.ch/cernbox/webdav/home/

When I put in the link and enter the credentials the Cryptomator app says: “Webdav could not be authenticated”
I have a log file if needed.

I know that the WebDav folder works, since it is running without problem on the apps Joplin and DAVx5.

I also tried several variations of the link.

The Cernbox support looked into this problem as well, but they were not able to solve this issue.

I hope you have an idea how to fix this issue.

Thanks in advance!

2

Hey and welcome to the Cryptomator Community :slightly_smiling_face:,

Hmm a 401 HTTP status code is returned to the OPTIONS request against https://cernbox.cern.ch/cernbox/webdav/home :thinking:. If you’re absolutely sure that the credentials are correct the problem is maybe that the server doesn’t allow OPTIONS requests or the authentication somehow fails…do you have test credentials?

Or do you have 2FA enabled and are using the user password instead of the generated app password?

4

I am absolutely sure that the credentials are correct and I don’t use 2FA for Cernbox.

Joplin and DAVx5 work fine with the Cernbox Webdav.

What do you mean with test credentials?

5

Credentials that you can share with my so that I can run some tests.

6

Unfortunately not since these are related to my work.

I can run the tests if you tell me what to do.

7

Do you have a terminal and curl installed? If so please run the following command (replace username and password with your credentials):

curl --user "username:password" -i -X OPTIONS https://cernbox.cern.ch/cernbox/webdav/home

curl --user "username:password" -i -X PROPFIND https://cernbox.cern.ch/cernbox/webdav/home --upload-file - -H "Depth: 1" <<end
<?xml version="1.0"?>
<a:propfind xmlns:a="DAV:">
<a:prop><a:resourcetype/></a:prop>
</a:propfind>
end

Please remove anything related to Cookie and maybe Www-Authenticate before posting the results, otherwise your credentials may leak.

8 
HTTP/1.1 200 OK
Allow: OPTIONS,GET,HEAD,PUT,DELETE,TRACE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK
Content-Length: 0
Date: Tue, 17 May 2022 21:11:52 GMT
Dav: 1,2
Server: nginx/1.6.2

HTTP/1.1 100 Continue

HTTP/1.1 207 Multi-Status
Content-Length: 8458
Content-Type: application/xml; charset=utf-8
Date: Tue, 17 May 2022 21:13:29 GMT
Server: nginx/1.6.2

<?xml version="1.0" encoding="utf-8"?><d:multistatus xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:response><d:href>/cernbox/webdav/home/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Backup/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Backup-vault/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Books/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/COLLAPS/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Contacts/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Documents/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Draft1-cryogenic_paul_trap.pdf</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/ECCTI/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/ECCTI_notes.md</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/ISOLDE%20Newsletter%202022.pdf</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Joplin/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/License.txt</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Music/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Onenote-stuff/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Order%20Sheet.xlsx</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Papers/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Paul_trap_shared/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Personal/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Pictures/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/PythonQT5/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/SWAN_projects/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Thesis/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Videos/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/WINDOWS/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Work/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/Work-vault/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/addonStartup.json.lz4</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/code/</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/laser_table.svg</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response><d:response><d:href>/cernbox/webdav/home/logs.zip</d:href><d:propstat><d:status>HTTP/1.1 200 OK</d:status><d:prop><d:resourcetype/></d:prop></d:propstat><d:propstat><d:status>HTTP/1.1 404 Not Found</d:status><d:prop/></d:propstat></d:response></d:multistatus>
9

Hmm that looks good. Thanks for your tests and results!

Can you please execute curl --user "username:password" -i -v -X OPTIONS https://cernbox.cern.ch/cernbox/webdav/home and check

  1. which TLS version is used e.g. TLSv1.3
  2. which authentication mechanism is used, e.g. Authorization: Basic, Authorization: Digest, …

Does your password contain special characters like e.g. umlauts?

10

I just did some more tests and found indeed (again) a bug in the digest authentication with umlauts (that’s why I asked), I highly assume that you use this combination. I just fixed this bug upstream, hopefully it gets merged soon, see Use UTF-8 in digest auth to allow special characters like umlauts by SailReal · Pull Request #78 · rburgst/okhttp-digest · GitHub for further information. Also created in bug report in our issue tracker: Umlauts in WebDAV password using Digest authentication leads to authentication fail · Issue #443 · cryptomator/android · GitHub

11

Unfortunately, I don’t use umlauts, only numbers and letters.

TSLv1.3 and 1.2

* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 

Authorization: Basic
12

:thinking: hmmmmm I’m running out of ideas right now but I keep thinking about what else could be the cause.

13

Have just written a mail to service-desk@cern.ch, maybe they are willing to provide us with a test account to find the cause of this problem :crossed_fingers:

14

@user12345 just got a response from the support team:

Sure. Please let your CERN / CERNbox contact making such a request and we can see.

Can you please try to write to service-desk@cern.ch as well, maybe reference my conversation (Ticket No: INC3141759, Opened: 19-05-2022 11:25:34) and kindly ask for a test account? Would be awesome to be able to fix this bug.

15

Ok, I wrote to the service desk to provide you a test account. Let’s see if that’s possible.

Anyway, thanks for keeping looking into this bug!

16

Hello,
is there any update on this issue?

17

Hmm no, I’m currently out of ideas. Did you receive an test account?