Idea ID: 2804839

Base Content: IMAP disable auth.plain and auth.ntlm option

Status : Waiting for Votes
Waiting for Votes
See status update history
over 1 year ago


All mail related operations in the Base contentpack need to support switching off

mail.<proto>.auth.plain.disable=true
mail.<proto>.auth.ntlm.disable=true

This required when using IMAP to connect to MS Exchange servers with service accounts.

e.g. you have an Mailbox and a third user is permissioned to this Service mailbox.

in this scenario the login user is constructed in imap login as follows:

<domain>\<ad user>\<alias of mailbox>

using this with the existing mail operations in OO Base contentpack results in error recorded at the bottom.

we have proven with own build operation and adding below parts does work.


for example com.iconclude.content.actions.mail.BasePopAction will need to have in all functions that build the session object

props.setProperty("mail." + this.protocol + ".auth.plain.disable", "true");

props.setProperty("mail." + this.protocol + ".auth.ntlm.disable", "true");

included.

same will apply for operations based on io.cloudslang.content.mail.actions e.g. GetMailMessage


we suggest to add 2 new optional inputs to the operations to allow setting the values to true. default should be as is false.

for details of the issue see:

https://javaee.github.io/javamail/Exchange

https://social.technet.microsoft.com/Forums/office/en-US/8c8b4605-efae-49eb-a118-54aa418de6c2/access-shared-mailbox-via-imap-on-exchange-2010?forum=exchangesvrgenerallegacy


Why is this needed: That is a quite usuall setup to allow Service account for automation to access specific other mailboxes. so it is somewhat the standard in automation as is form that perspective a must to support.


INFO | jvm 1 | 2020/06/11 12:05:15 | javax.mail.AuthenticationFailedException: AUTHENTICATE failed.

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:665)

INFO | jvm 1 | 2020/06/11 12:05:15 | at javax.mail.Service.connect(Service.java:317)

INFO | jvm 1 | 2020/06/11 12:05:15 | at javax.mail.Service.connect(Service.java:176)

INFO | jvm 1 | 2020/06/11 12:05:15 | at javax.mail.Service.connect(Service.java:125)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.iconclude.content.actions.mail.BasePopAction.connectUsingSSL(BasePopAction.java:218)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.iconclude.content.actions.mail.BasePopAction.tryTLSOtherwiseTrySSL(BasePopAction.java:208)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.iconclude.content.actions.mail.BasePopAction.createMessageStore(BasePopAction.java:188)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.iconclude.content.actions.mail.BasePopAction.execute(BasePopAction.java:153)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

INFO | jvm 1 | 2020/06/11 12:05:15 | at java.lang.reflect.Method.invoke(Method.java:498)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.hp.oo.sdk.plugins.abstracts.BaseActionPlugin.execute(BaseActionPlugin.java:53)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

INFO | jvm 1 | 2020/06/11 12:05:15 | at java.lang.reflect.Method.invoke(Method.java:498)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.hp.oo.maven.PluginAdapterImpl.executePlugin(PluginAdapterImpl.java:344)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.hp.oo.maven.PluginAdapterImpl.execute(PluginAdapterImpl.java:257)

INFO | jvm 1 | 2020/06/11 12:05:15 | at com.hp.oo.execution.control.actions.contentexecution.ContentExecutionActions.executeContentAction(ContentExecutionActions.java:105)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.GeneratedMethodAccessor130.invoke(Unknown Source)

INFO | jvm 1 | 2020/06/11 12:05:15 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

INFO | jvm 1 | 2020/06/11 12:05:15 | at java.lang.reflect.Method.invoke(Method.java:498)

INFO | jvm 1 | 2020/06/11 12:05:16 | at io.cloudslang.worker.execution.reflection.ReflectionAdapterImpl.executeControlAction(ReflectionAdapterImpl.java:92)

INFO | jvm 1 | 2020/06/11 12:05:16 | at io.cloudslang.worker.execution.services.ExecutionServiceImpl.executeStep(ExecutionServiceImpl.java:572)

INFO | jvm 1 | 2020/06/11 12:05:16 | at io.cloudslang.worker.execution.services.ExecutionServiceImpl.execute(ExecutionServiceImpl.java:170)

INFO | jvm 1 | 2020/06/11 12:05:16 | at io.cloudslang.worker.management.services.SimpleExecutionRunnable.executeRegularStep(SimpleExecutionRunnable.java:161)

INFO | jvm 1 | 2020/06/11 12:05:16 | at io.cloudslang.worker.management.services.SimpleExecutionRunnable.run(SimpleExecutionRunnable.java:120)

INFO | jvm 1 | 2020/06/11 12:05:16 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

INFO | jvm 1 | 2020/06/11 12:05:16 | at java.util.concurrent.FutureTask.run(FutureTask.java:266)

INFO | jvm 1 | 2020/06/11 12:05:16 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

INFO | jvm 1 | 2020/06/11 12:05:16 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

INFO | jvm 1 | 2020/06/11 12:05:16 | at io.cloudslang.worker.management.services.WorkerThreadFactory$1.run(WorkerThreadFactory.java:39)

INFO | jvm 1 | 2020/06/11 12:05:16 | at java.lang.Thread.run(Thread.java:748)

Tags:

Labels:

OO-Content
  • Hi Lucian,

    i think you will anyway need to touch the Operations.

    there is in the TLS implementation  a problem.

    it sets the following session variables

    props.setProperty("mail." + this.protocol + ".ssl.enable", "false");

    props.setProperty("mail." + this.protocol + ".starttls.enable", "true");
    props.setProperty("mail." + this.protocol + ".starttls.required", "true");

    this.protocol is imap.

    the class com.sun.mail.imap.IMAPSSLStore.IMAPSSLStore(Session, URLName) is using the variables based on the protocol in the URL which is imaps

    so they are 

    mail.imaps.ssl.enable

    mail.imaps.starttls.enable

    mail.imaps.starttls.required

    honestly i assume that this is even a bug in the mail-1.4.x.jar as we have analysed the code and did run tests and we see that the mail.imap  is not used in case of TLS. but in documentation https://javaee.github.io/javamail/docs/api/com/sun/mail/imap/package-summary.html it states mail.imap is the base.


    mail.imap.starttls.enable

    boolean If true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. If the server does not support STARTTLS, the connection continues without the use of TLS; see the mail.imap.starttls.required property to fail if STARTTLS isn't supported. Note that an appropriate trust store must configured so that the client will trust the server's certificate. Default is false.

    mail.imap.starttls.required

    boolean If true, requires the use of the STARTTLS command. If the server doesn't support the STARTTLS command, or the command fails, the connect method will fail. Defaults to false.