Proxy Support
Comments
-
Hi @HangieMO,
To switch release channels, open and unlock 1Password then choose 1Password > Preferences, then select Advanced > Release Channel and select "NIGHTLY". After changing to the nightly channel, select About in Preferences, then Check for Updates to install the latest nightly build.
Ben
0 -
We have authenticated proxy, but we also have Alpaca distributed to our Mac's, so can point to a local Alpaca instance which deals with the authentication, however this would require the ability to override the proxy configuration for 1Password (to point it at Alpaca - we don't have this set as the machine wide proxy config).
0 -
OK. I ran a test and changed my machine proxy settings to use Alpaca and restarted 1Password. 1Password is able to use Alpaca (and hence bypass the proxy authentication) and connect successfully. My guess - it is the authenticated proxy that 1Password can't currently handle.
Is there a way to start 1Password with an override to the Proxy config from the command line?
0 -
Hi @HangieMO,
I am not familiar with Alpaca, could you direct us to their site, so we can take a look at them. I did a quick search but didn't find a clear one.
Are there logs I can access (where?) and send through to provide insights into what is different about our proxy config?
You can access the logs via 1Password's Help Menu > Troubleshooting > Open Logs Folder. However, the detailed errors are redacted by default to protect against any potential leaks such as the proxy server address.
Could you email us first along with your 1Password diagnostics report, so we can look into it, and help you get the unredacted logs that might help explain why 1Password can't connect to the proxy.
To generate the diagnostics report, go to the 1Password menu > Preferences, select the Advanced tab and then click Send Diagnostics.
Click Reveal to find the report, please attach the report to an email addressed to
support+forum@1password.com
. In your email, also include:- A link to this thread: https://1password.community/discussion/comment/635213/#Comment_635213
- your forum username: @HangieMO
Let us know here when you sent the report, so we can quickly find it and work with you on this.
0 -
@MikeT, my workaround requiring Alpaca as the global proxy setting is no longer an option. Any chance of rolling out a proxy override option soon for the app? For example, Chrome allows you to provide "--proxy-server=..." to override the proxies. This is better than nothing.
0 -
Hey @MikeT / @Ben , I'm an engineer at the same company as @HangieMO and responsible for the macOS SOE we run (including deploying the network/proxy settings). We actually run many proxies here (don't get me started ๐ ) but all internet facing traffic is now sent out through Zscaler. In general, all traffic is inspected with the SSL cert being replaced with Zscaler's Root CA. If you're able to give me a list of all the hostnames that the 1Password 8 beta would contact for sync, I could look at getting them exempted from this SSL inspection to determine if this partially resolves the issue.
1Password isn't a business-deployed tool, but many of our users utilise it personally so I'd like to get this resolved if we can ๐. Happy to submit some logs also and dig in further.
0 -
Hi @smithjw: does this list of our ports and domains help?
Thanks for letting us know about some of the elements involved here, as well. If you and @hangiemo continue to run into proxy-related issues, feel free to send us a brief message at support+windows@1Password.com, and our Windows team will be happy to dig in in-depth. We'd love to know more about what isn't working out at the moment, and determine how to improve the state of affairs!
0 -
Thanks @PeterG_1P , I had our proxy team exempt the following domains from SSL inspection which enables the app on macOS to now sync items, create vaults, etc
- *.1password.com
- *.1passwordservices.com
- *.1passwordusercontent.com
- *.agilebits.com
The one thing we still can't do is sign into a new account in the Mac app. If we're already signed in, it works, but if we aren't the app will state that we are offline. Are there any undocumented URLs specifically used only during sign-in?
And for reference, while on the corp network (even without the SSL inspection bypass) we can sign in to 1P accounts via a browser.
0 -
Hey there, @Smithjw
If you don't mind, I'd like to make sure everyone's on the same page with regard to what 1Password for Mac supports(ed).
but all internet facing traffic is now sent out through Zscaler. In general, all traffic is inspected with the SSL cert being replaced with Zscaler's Root CA. If you're able to give me a list of all the hostnames that the 1Password 8 beta would contact for sync, I could look at getting them exempted from this SSL inspection to determine if this partially resolves the issue.
As far as I'm aware, all semi-recent beta and nightly versions of 1Password for Mac should support your TLS interception solution correctly on macOS. We haven't yet had any reports suggesting otherwise (but that's not to say there couldn't be a bug). So, because of that, I don't believe the TLS interception is the root of the problem.
The area that becomes shakier is proxy support. Up until a month ago, 1Password for Mac had no system proxy support at all. We improved this, as you've been, with rudimentary support for manually configured HTTP and SOCKS proxies. Pending one bug (which is fixed in the nightly channel, soon to reach beta) causing a protocol mix up there, we believe it to be working correctly.
Finally, up until earlier this week the app had no support for autoconfigured proxies which relied on PAC scripts (a very popular solution in enterprise setups). With this now implemented, we've heard a small amount of positive feedback that it has fixed connection problems in setups. This support is only available in the latest builds of the nightly channel.
With all of that said, I would like to see if we could rule out autoconfigured proxies being the issue. If you're willing, could you to install 1Password for Mac on the nightly channel and make sure your build number is at least
80800010
. You can check this by clicking 1Password in the menu bar and then clickingAbout 1Password
. This version is guaranteed to have the best proxy support available. After that, please try signing in and seeing if that fares any better.Please note that if there are outstanding networking problems, the built-in updater may not be able to download a new version for you.
Finally, if not too inconvenient, would it be possible to disable the SSL inspection exceptions for a finer grained test? This would help narrow down any problems that still persist.
Thanks for your time.
0 -
@ag_Christian After some testing, can confirm that we don't need the SSL Bypass for New Vaults and Syncing items in the 1Password 8 Nightly versions. We do utilise a PAC file for our devices.
The one thing we still can't do in the Nightly version is login to a new account where we receive an error that we are not connected. Anything else to test here?
0 -
Hello @ag_Christian I am trying the now officially released 1password 8 in a very similar environment (TLS-intercepting proxy, authenticated with NTLM, auto-configured with PAC in system settings).
I installed using the official installer, which upgraded from 1password 7.
Version info:
1Password for Mac 8.7.0, 80700098, on PRODUCTION channelI encountered the same problem as @Smithjw, where I'm unable to sign in to my account. Here are some logs which clearly show an "unsupported" error in the proxy support:
INFO 2022-05-09T08:16:01.666 ThreadId(12) [1P:op-settings/src/store/json_store.rs:49] Settings file "/Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json" missing, using defaults.
INFO 2022-05-09T08:16:01.669 ThreadId(12) [client:typescript] Client starting.
ERROR 2022-05-09T08:16:01.786 ThreadId(12) [1P:ffi/core-node/src/lib.rs:750] Failed to load crash reports from disk: Os { code: 2, kind: NotFound, message: "No such file or directory" }
INFO 2022-05-09T08:16:01.820 ThreadId(12) [1P:native-messaging/op-native-core-integration/src/lib.rs:448] Enabling BrowserHelper with bundle id: 2BUA8C4S2C.com.1password.browser-helper
INFO 2022-05-09T08:16:01.859 tokio-runtime-worker(ThreadId(9)) [1P:native-messaging/op-native-core-integration/src/lib.rs:281] Starting IPC listener on 2BUA8C4S2C.com.1password.browser-helper
INFO 2022-05-09T08:16:01.859 tokio-runtime-worker(ThreadId(9)) [1P:op-ipc/src/ipc/xpc.rs:173] XPC starting connection
INFO 2022-05-09T08:16:01.860 ThreadId(12) [1P:op-localization/src/lib.rs:230] system locale detected as 'en-US'
INFO 2022-05-09T08:16:01.860 ThreadId(12) [1P:op-localization/src/lib.rs:256] selected translations for EN_US based on detected locale en-US
INFO 2022-05-09T08:16:01.860 ThreadId(12) [status:op-app/src/app.rs:325] App::new(1Password for Mac/80700098 (EN_US), /Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/1password.sqlite)
INFO 2022-05-09T08:16:01.861 ThreadId(12) [1P:op-db/src/db.rs:120] Starting DB at version: 0
INFO 2022-05-09T08:16:01.861 ThreadId(12) [1P:op-db/src/db.rs:128] Database is being created at '/Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/1password.sqlite' (sqlite: 3035004)
INFO 2022-05-09T08:16:01.863 ThreadId(12) [1P:op-db/src/db.rs:382] Updated DB Schema to version 001
INFO 2022-05-09T08:16:01.864 ThreadId(12) [1P:op-db/src/db.rs:403] Updated DB Schema to version 002
INFO 2022-05-09T08:16:01.866 ThreadId(12) [1P:op-db/src/db.rs:414] Updated DB Schema to version 003
INFO 2022-05-09T08:16:01.867 ThreadId(12) [1P:op-db/src/db.rs:429] Updated DB Schema to version 005
INFO 2022-05-09T08:16:01.868 ThreadId(12) [1P:op-db/src/db.rs:444] Updated DB Schema to version 006
INFO 2022-05-09T08:16:01.869 ThreadId(12) [1P:op-db/src/db.rs:457] Updated DB Schema to version 007
INFO 2022-05-09T08:16:01.870 ThreadId(12) [1P:op-db/src/db.rs:470] Updated DB Schema to version 008
INFO 2022-05-09T08:16:01.870 ThreadId(12) [1P:op-db/src/db.rs:483] Updated DB Schema to version 009
INFO 2022-05-09T08:16:01.871 ThreadId(12) [1P:op-db/src/db.rs:496] Updated DB Schema to version 011
INFO 2022-05-09T08:16:01.871 ThreadId(12) [1P:op-db/src/db.rs:510] Updated DB Schema to version 012
INFO 2022-05-09T08:16:01.872 ThreadId(12) [1P:op-db/src/db.rs:523] Updated DB Schema to version 013
INFO 2022-05-09T08:16:01.873 ThreadId(12) [1P:op-db/src/db.rs:536] Updated DB Schema to version 014
INFO 2022-05-09T08:16:01.874 ThreadId(12) [1P:op-db/src/db.rs:549] Updated DB Schema to version 015
INFO 2022-05-09T08:16:01.876 ThreadId(12) [1P:op-db/src/db.rs:562] Updated DB Schema to version 016
INFO 2022-05-09T08:16:01.878 ThreadId(12) [1P:op-db/src/db.rs:575] Updated DB Schema to version 017
INFO 2022-05-09T08:16:01.879 ThreadId(12) [1P:op-db/src/db.rs:588] Updated DB Schema to version 018
INFO 2022-05-09T08:16:01.880 ThreadId(12) [1P:op-db/src/db.rs:601] Updated DB Schema to version 019
INFO 2022-05-09T08:16:01.882 ThreadId(12) [1P:op-db/src/db.rs:713] Updated DB Schema to version 021
INFO 2022-05-09T08:16:01.883 ThreadId(12) [1P:op-db/src/db.rs:726] Updated DB Schema to version 022
INFO 2022-05-09T08:16:01.885 ThreadId(12) [1P:op-db/src/db.rs:739] Updated DB Schema to version 023
INFO 2022-05-09T08:16:01.891 ThreadId(12) [1P:ssh/op-ssh-config/src/lib.rs:231] agent not configured
ERROR 2022-05-09T08:16:01.891 ThreadId(12) [1P:ffi/core-node/src/lib.rs:64] Attempted to notify uninitialized App
INFO 2022-05-09T08:16:01.892 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.892 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts
INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts
INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts
INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts
INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts
INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts
INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts
INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts
INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.896 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Mozilla/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-09T08:16:01.896 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
INFO 2022-05-09T08:16:01.924 tokio-runtime-worker(ThreadId(10)) [1P:op-settings/src/store/json_store.rs:49] Settings file "/Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json" missing, using defaults.
INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:op-ipc/src/ipc/xpc.rs:229] XPC connected to 2BUA8C4S2C.com.1password.browser-helper
INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:293] Active native core integration is awaiting messages
INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:305] Extension connecting.
INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:307] Extension connection accepted.
INFO 2022-05-09T08:16:02.362 tokio-runtime-worker(ThreadId(3)) [1P:op-op7-migration/src/lib.rs:290] OP7 Credentials were found, storing for future sign in.
WARN 2022-05-09T08:16:10.100 tokio-runtime-worker(ThreadId(4)) [1P:foundation/op-proxy/src/apple.rs:91] proxy requires autoconfiguration, this is currently unsupported!
ERROR 2022-05-09T08:16:10.100 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/foundation/op-proxy/src/lib.rs:141] NotImplemented
ERROR 2022-05-09T08:16:31.927 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-app/src/app/backend/watchtower.rs:266] RequestError(IoError(IoError(timed out)))
ERROR 2022-05-09T08:16:34.092 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/updater.rs:176] AppUpdates(Http(IoError(IoError(connect error))))
ERROR 2022-05-09T08:16:40.104 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:78, IoError(IoError(timed out))))
ERROR 2022-05-09T08:16:40.104 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:444] error signing in from data layer: other error
ERROR 2022-05-09T08:16:40.104 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:387] Error signing in: other error
WARN 2022-05-09T08:16:48.030 tokio-runtime-worker(ThreadId(5)) [1P:foundation/op-proxy/src/apple.rs:91] proxy requires autoconfiguration, this is currently unsupported!
ERROR 2022-05-09T08:16:48.031 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/foundation/op-proxy/src/lib.rs:141] NotImplemented
ERROR 2022-05-09T08:17:01.931 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-app/src/app/backend/watchtower.rs:267] RequestError(IoError(IoError(timed out)))
ERROR 2022-05-09T08:17:18.035 tokio-runtime-worker(ThreadId(10)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:78, IoError(IoError(timed out))))
ERROR 2022-05-09T08:17:18.035 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:444] error signing in from data layer: other error
ERROR 2022-05-09T08:17:18.035 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:387] Error signing in: other error
WARN 2022-05-09T08:17:40.014 tokio-runtime-worker(ThreadId(10)) [1P:foundation/op-proxy/src/apple.rs:91] proxy requires autoconfiguration, this is currently unsupported!
ERROR 2022-05-09T08:17:40.014 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/foundation/op-proxy/src/lib.rs:141] NotImplemented
ERROR 2022-05-09T08:18:10.017 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:78, IoError(IoError(timed out))))
ERROR 2022-05-09T08:18:10.017 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:444] error signing in from data layer: other error
ERROR 2022-05-09T08:18:10.017 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:387] Error signing in: other error
INFO 2022-05-09T08:19:24.762 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/signin.rs:478] cancelling a sign in session
INFO 2022-05-09T08:19:25.672 op_executor:invocation_loop(ThreadId(17)) [1P:op-app/src/app/backend/frontend.rs:24] Front end event: window closed0 -
Thanks for your reply! We'd like to grab some finer-grained diagnostics information from one of the attempts to add a new account - could you write in to
support+mac@1password.com
, and include your username and a link to this Forum thread? Once we receive it, we can help with gathering some deeper diagnostics information for the Development team to dig into.After you email in, you should receive a Conversation ID that looks like this: [#ABC-12345-678]. Please paste that here, and I'll use it to track your email down from my end. Thanks again!
Could you update to the Nightly version of 1Password, and let me know if you have success adding your account? The version of 1Password you're running does not contain the support for PAC configurations, but the most-recent Nightly does. Here's how to swap over to the Nightly release channel:
1. Open the 1Password app.
2. In the menu bar, click 1Password, then Preferences.
3. Swap to the Advanced tab, and change Release Channel toNightly
.
4. Select the About tab, and check for updates.
5. Apply the update when it is ready.After performing those actions and updating, could you try signing in and let me know if you're able to do so successfully? Thanks, I look forward to hearing back!
0 -
Hello @Dayton_ag
I should have read more carefully, I thought the released version was more recent than the ones discussed so far.
I am now on 80800022, on NIGHTLY channel
Unfortunately, still no luck. One thing I forgot to mention which could be important now that I see this error is that I am on a Cisco AnyConnect VPN, which connects me to the network with the proxy described in my previous post.
The error is different this time. It seems to interpret the PAC and try to connect. There's not much details so hard to say where the problem lies.
I'm using the proxy with all other apps and it's reachable and working.
Here's the log:
INFO 2022-05-11T08:39:51.937 ThreadId(12) [client:typescript] Client starting.
INFO 2022-05-11T08:39:52.070 ThreadId(12) [1P:native-messaging/op-native-core-integration/src/lib.rs:448] Enabling BrowserHelper with bundle id: 2BUA8C4S2C.com.1password.browser-helper
INFO 2022-05-11T08:39:52.091 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:281] Starting IPC listener on 2BUA8C4S2C.com.1password.browser-helper
INFO 2022-05-11T08:39:52.091 tokio-runtime-worker(ThreadId(1)) [1P:op-ipc/src/ipc/xpc.rs:76] XPC starting connection
INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:op-ipc/src/ipc/xpc.rs:124] XPC connected to 2BUA8C4S2C.com.1password.browser-helper
INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:293] Active native core integration is awaiting messages
INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:305] Extension connecting.
INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:307] Extension connection accepted.
INFO 2022-05-11T08:39:52.101 ThreadId(12) [1P:op-localization/src/lib.rs:228] system locale detected as 'en-US'
INFO 2022-05-11T08:39:52.101 ThreadId(12) [1P:op-localization/src/lib.rs:254] selected translations for EN_US based on detected locale en-US
INFO 2022-05-11T08:39:52.101 ThreadId(12) [status:op-app/src/app.rs:325] App::new(1Password for Mac/80800022 (EN_US), /Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/1password.sqlite)
INFO 2022-05-11T08:39:52.103 ThreadId(12) [1P:op-db/src/db.rs:120] Starting DB at version: 24
INFO 2022-05-11T08:39:52.105 ThreadId(12) [1P:ssh/op-ssh-config/src/lib.rs:231] agent not configured
ERROR 2022-05-11T08:39:52.105 ThreadId(12) [1P:ffi/core-node/src/lib.rs:65] Attempted to notify uninitialized App
INFO 2022-05-11T08:39:52.107 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.107 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.108 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.108 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.109 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.110 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.112 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.113 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.114 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.114 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Sidekick/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.114 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Arc/User Data/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.115 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/WaveboxApp/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.115 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Mozilla/NativeMessagingHosts/com.1password.1password.json
INFO 2022-05-11T08:39:52.115 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
ERROR 2022-05-11T08:40:07.758 tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-proxy/src/lib.rs:245] proxy test network connection failed: timed out
INFO 2022-05-11T08:40:07.759 tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-proxy/src/apple.rs:305] skipping proxy returned by PAC since we couldn't connect to it: Network(Network(timed out))
ERROR 2022-05-11T08:40:24.364 tokio-runtime-worker(ThreadId(8)) [1P:op-app/src/app/backend/updater.rs:175] AppUpdates(Http(IoError(IoError(connect error))))
ERROR 2022-05-11T08:40:37.762 tokio-runtime-worker(ThreadId(4)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:95, IoError(IoError(timed out))))
ERROR 2022-05-11T08:40:37.763 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:442] error signing in from data layer: other error
ERROR 2022-05-11T08:40:37.763 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:386] Error signing in: other error0 -
Hey there @mdemierre I'm so sorry for the delay here!
Could you try downloading and installing our newest nightly, using the steps in my message above? It has some further changes to our proxy handling.
Once you've downloaded and installed that Nightly, could you confirm if you're still running into connection issues? If you are, let's continue this conversation over email so I can grab some more in-depth diagnostics information. Could you send me an email at
support+mac@1password.com
, with my username, your username, and a link to this forum thread?After you email in, you should receive a Conversation ID that looks like this: [#ABC-12345-678]. Please paste that here, and I'll use it to track your email down from my end.
Thanks, I'm looking forward to getting this sorted for you! ๐
0 -
I literally ran into this exact issue today - I've tried what you suggest, but I have an issue:
- I set the release to the Nightly, then tried to update to nightly, and ... nothing.
- 1Password won't switch away from the production channel - so I'm stuck at 80700098.
- I suspect it's because I can't log into my 1Password account in the 1Password app (Browser works fine, as does 1Pass7)
- I can't log into my 1Password account in the app because... no access without a proxy.
- So which came first? The ๐ or the ๐ฅ?
0 -
Hey @Pariah_Zero:
Thanks for sharing that you're running into trouble. Here's a direct link to the nightly installer for both 1Password 8 for Mac and Windows:
Mac: https://downloads.1password.com/mac/1Password Nightly.zip
Windows: https://downloads.1password.com/win/1PasswordSetup-latest.NIGHTLY.exeLet me know if that helps!
Jack
0 -
Well, that's a bummer: After using the link and moving to 80800110 (Mac), I've still got no ability to login with 1password 8. I'll try to follow up via email as well with further details.
I doubt the proxy is that exotic - just a normal http/https proxy (where https is just passed through unmodified), and has content filtering to block 'unauthorized' sites.
0 -
Hello @Dayton_ag
I sent an email today but didn't get an ID back. The subject is "1password 8 NIGHTLY: Cannot login when under VPN + corporate proxy" from the email of this account.
I upgraded to the 80800114 but I still see the same logs.
0 -
I'm also seeing issues again with 1Password thinking it's offline when connected to the corp network :(
0 -
I've been in contact with support via email: [#NGI-26927-645]. I'll see if I can send debugging information, but I can't promise anything... such is life when my corporate overlords are pretty strict about "what happens in the firewall stays in the firewall." I mean, that's why there's a proxy to begin with...
0 -
@mdemierre Thanks so much - I tracked down your email from my end and I'll be reaching out to you shortly!
ref: WCW-38359-192@Smithjw Sorry you're running into issues still! Could you shoot us an email at
support+mac@1password.com
, and include:- Your Forum username
- My Forum username
- A link to this article.
Let me know what Conversation ID you get in an automated reply to your email and I'll track down your email on my end. If you don't receive a Conversation ID, let me know and I'll see if I can dig up your email from my end.
@Pariah_Zero Thanks so much for writing in! I'll follow up with you in the email you mentioned, as we're looking for some specific logs and we can work together on finding what we need without causing any issues with IT. ๐
ref: NGI-26927-6450 -
Hi, I am in a similar situation at work where access to the internet is monitored via an authenticating proxy.
The 1password chrome extension connects to the backend no problem but the 1password standalone app does not which means I have on the same machine inconsistent state. Let me know what I can do to help here. This is a major issue for me.1Password for Mac 8.9.4 - 80904044, on PRODUCTION channel
Macbook Pro 16 M1 Max
MacOS Monterey 12.5.10 -
Hello
Same thing here, behind a corporate VPN / Proxy combo.
Sync is not working:
ERROR 2022-09-19T11:17:44.917 tokio-runtime-worker(ThreadId(14)) [1P:foundation/op-tls/src/verification/apple.rs:214] failed to verify TLS certificate: invalid peer certificate contents: โ<redacted_corp_url>โ certificate is not trusted (-67843) ERROR 2022-09-19T11:17:44.919 tokio-runtime-worker(ThreadId(12)) [1P:foundation/op-tls/src/verification/apple.rs:214] failed to verify TLS certificate: invalid peer certificate contents: โ<redacted_corp_url>โ certificate is not trusted (-67843) ERROR 2022-09-19T11:17:44.920 tokio-runtime-worker(ThreadId(14)) [1P:foundation/op-tls/src/verification/apple.rs:214] failed to verify TLS certificate: invalid peer certificate contents: โ<redacted_corp_url>โ certificate is not trusted (-67843)
It's working fine from browsers extensions and command line.
1Password for Mac 8.9.6 - 80906011, on BETA channel
macOS Monterey 12.60 -
MacOS Monterey 12.6.1 (corporate control)
1Password for Mac 8.9.13 (80913026) (NIGHTLY channel)
Proxy: Bluecoat with authenticationApologies for the "me, too", but I believe the problem, for me at least, is a failure to properly authenticate to a proxy. Here are some telltales from the logs:
ERROR 2023-01-03T13:26:11.398 tokio-runtime-worker(ThreadId(10)) [1P:foundation/op-proxy/src/lib.rs:255] proxy test network connection failed: error sending request for url (<redacted URL>): error trying to connect: Connection reset by peer (os error 54) INFO 2023-01-03T13:26:11.398 tokio-runtime-worker(ThreadId(10)) [1P:foundation/op-proxy/src/apple.rs:348] skipping proxy returned by PAC since we couldn't connect to it: Network(Network(error sending request for url (<redacted URL>): error trying to connect: Connection reset by peer (os error 54))) ERROR 2023-01-03T13:26:11.613 tokio-runtime-worker(ThreadId(6)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-app/src/app/backend/unlock.rs:77] unable to get client ERROR 2023-01-03T13:26:37.025 tokio-runtime-worker(ThreadId(4)) [1P:op-app/src/app/backend/updater.rs:209] AppUpdates(Http(IoError(IoError(error sending request for url (<redacted URL>): error trying to connect: Connection reset by peer (os error 54)))))
I believe this shows that the correct proxy config (PAC) was retrieved, but access via the proxy failed anyway. I am not savvy enough to understand how an app on a Mac can use the pre-authenticated proxy connection (or keystore password) to authenticate to the proxy.
As a workaround...
As an erstwhile developer I have several tools that are in a similar situation. Some have configuration options to set the proxy and password, but then I have a bunch of places I have to go update the password, and inevitably that leads to an account lockout as those tools use an old password.
I use a local proxy (happens to be SquidMan) that asks for my current credentials on start up and provides an unauthenticated local proxy for tools to connect to. However, the tool MUST support configuration of the proxy, and 1Password 8 does not. So not an option.
Happy to help however I can.
0 -
How is this still not fixed? The only way 1P will work on my corporate network is if I use Proxifier to redirect the 1P access to *.agilebits.com to use the corporate proxy. Every other app on MacOS reads the system proxy settings, which in my case uses a
wpad.dat
script to manage proxy selection rules. It is obvious that 1P doesn't attempt to follow system proxy settings at all.When we could have our 1P vault replicated with Dropbox or whatever else we never had a problem, as Dropbox itself supported proxies just fine...however your business model forced this change and you failed to adopt supporting proxy servers which is a common requirement in corporate networks, it can also be a requirement in some geo-regions (e.g. PRC).
0