Amazon S3 authentication error

Hi–

Running Omeka Classic 3.1.1 and attempting to implement S3 storage following the Reclaim instructions (https://support.reclaimhosting.com/hc/en-us/articles/1500005621161-Setting-up-S3-storage-with-Omeka-Classic#01H7JHBKYR9B13ZYB8ZPYQ381T)

Receiving the following error from AWS when attempting to access files:

InvalidRequest The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256. W8GVN1CQT7KPP9EA k1zCZNqvfPUMCgKlMTkpq2sX9Pm+dVtK1RNns36hnLMZwv2Z5YAZYW51OQNDD5hvFKUIc/mO2rtNxvxIk1qnpA==

Current ZendS3 code in config.ini (with Access Key and Secret Key omitted and bucket obscured):

storage.adapter = "Omeka_Storage_Adapter_ZendS3"
storage.adapterOptions.accessKeyId =
storage.adapterOptions.secretAccessKey =
storage.adapterOptions.bucket = ABC
storage.adapterOptions.expiration = 10 ; URL expiration time (in minutes)
storage.adapterOptions.endpoint = https://ABC.s3-us-east-2.amazonaws.com;
storage.adapterOptions.forceSSL = 1 ; Boolean value (optional)

99% sure the following is correct:
Access Key
Secret Access Key
Bucket

Endpoint? Not too sure…

Is the error the result of bucket user settings? Something else I’m doing? Do I need to use a whole different authentication approach?

Currently reverted to old config.ini so site content is accessible via its old location.

Thank you!

The issue here is that the S3 code in Omeka uses Zend’s S3 service, which only supports an old way for authenticating to S3.

The practical upshot is that you’re restricted in which regions will work with the core support. For example, us-east-1 works fine, but us-east-2 as you’re using doesn’t.

Plugins can provide their own storage adapters, so you can use a plugin that just uses the official Amazon SDK and won’t have this authentication problem. I’m aware of one specific one though there may be others. Alternatively switching to using us-east-1 or another “older” region and staying with the Omeka core adapter can work as well.
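To make the difference concrete, here is an added example (not part of the original thread, and not Omeka's or Zend's code) that builds the same expiring GET link both ways: the old Signature Version 2 query-string form, and the AWS4-HMAC-SHA256 form the error message asks for. The function names, bucket name, object key and timestamps are constructed for illustration, and the credentials are AWS's published documentation placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values: AWS's documented example credentials, not real keys.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"

def _hmac256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_v2(bucket, key, expires_epoch):
    """Legacy V2 link: one HMAC-SHA1 keyed directly with the long-term secret."""
    string_to_sign = f"GET\n\n\n{expires_epoch}\n/{bucket}/{key}"
    mac = hmac.new(SECRET_KEY.encode(), string_to_sign.encode(), hashlib.sha1).digest()
    sig = quote(base64.b64encode(mac).decode(), safe="")
    return (f"https://{bucket}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires_epoch}&Signature={sig}")

def presign_v4(bucket, key, region, amz_date, expires_s):
    """V4 link: the signing key is derived per date/region/service, so the
    region in the credential scope has to match the bucket's region."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    date = amz_date[:8]
    scope = f"{date}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_s),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: parameters sorted by name, values percent-encoded.
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    canonical = f"GET\n/{quote(key)}\n{query}\nhost:{host}\n\nhost\nUNSIGNED-PAYLOAD"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Key derivation chain: secret -> date -> region -> service -> "aws4_request".
    k = ("AWS4" + SECRET_KEY).encode()
    for part in (date, region, "s3", "aws4_request"):
        k = _hmac256(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}/{quote(key)}?{query}&X-Amz-Signature={sig}"

if __name__ == "__main__":
    print(presign_v2("example-bucket", "original/photo.jpg", 1700000000))
    print(presign_v4("example-bucket", "original/photo.jpg", "us-east-2",
                     "20240101T000000Z", 600))  # 600 s = the 10-minute expiration
```

The V2 link carries `AWSAccessKeyId`, `Expires` and `Signature`; the V4 link carries the `X-Amz-*` parameters, including a credential scope that names the region.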

THANK YOU!

Any opinion on the relative merits of either approach?

I suppose changing the region of the bucket leaves me at the mercy of Amazon’s future choices–and choosing the plug-in leaves me at the mercy of plug-in compatibility with future Omeka Classic upgrades.

Is there any possibility of the core S3 code in Omeka Classic being updated in future releases?

Andy

I have an eye on updating the authentication used for the core’s support to “V4” (vs. “V2” which is the old style currently being used). But I can’t give you a solid timeframe on that.

I think either option is fine, really, as between moving regions or using a plugin. Omeka Classic is pretty stable, and the storage system in particular hasn’t changed in quite a while, so I wouldn’t really worry about that. On the Amazon front, they haven’t made a move or indication of one on turning off V2 authentication for S3 in the many years it’s been since they stopped supporting V2 in new regions. Any actual move would pretty reliably come with significant notice and lead time, and we’d have to deal with it in the Omeka Classic core at that time.

Thank you! I’ve made up my mind: plug in it is!

Andy

Got it working! In the end just had some file path issues to correct–I assumed I’d need the whole original /files directory structure, but Omeka just wanted the sub folders available at the top level.

Thank you once again!