Do you have to provide authentication in order to subscribe the webcalendar?

No, that's a private URL from Google Agenda which looks like this :

https://calendar.google.com/calendar/ical/test%40gmail.com/private-9bgb59c8d9363ab12af4a9d561b37/basic.ics

Once entered in SOGo, it's appear active on 'Web Calendars'.

Then this URL (and the calendar) is world readable anyway.

Sure, but nobody can guess the link... So unless you give the link, nobody can read your private calendar....

Totally different from «Let search on SOGo the name of the nice girl on the next desk to see her private calendar»... See what i mean ? ;)

So maybe it's not a bug, but it's not a feature anybody wants enabled by default...

It is not that secure, as you can brute force the search for that link.
But I agree, that it seems easier to get it, when used via SOGo (you also need the account, which means the name of that girl :-)

Perhaps web calendars shouldn't be shareable in SOGo at all.
As the owner of such a web calendar can decide for him/herself whom to provide access.
With that each SOGo user would have to subscribe the original calendar, instead of a shared one inside SOGo.
That way looks cleaner to me.

Bruteforce the search of the link ? You are kidding right ?

Even if you know the gmail adress, there is 36^30 possibility between «private» and «basic.ics», and no doubt google would already permanently banned you after your fifth try... :)

Waaay more easy to search in SOGo for private web calendars shared by default...

I agreed web calendars shouldn't be shareable in SOGo at all...Or need a better way to manage access...