Subject: The mailing list for listmasters using Sympa
List archive
- From: Dallas Wisehaupt <address@concealed>
- To: address@concealed
- Subject: [sympa-users] Oddity with CAS login
- Date: Wed, 6 Aug 2008 16:35:30 -0400 (EDT)
We are just moving our test instance into production and in the process
updating from 5.2.3 to 5.4.3. I have sympa up and running but have run
into an issue with validating CAS user sessions on the new 5.4.3
instance. If you have the time, I'd just like some more eyes to verify
my sanity or lack there of.
Here are the relevant config settings that I see:
auth.conf:
cas
auth_service_name UofS-cas
base_url https://my.scranton.edu/cp/cas
logout_path /logout.jsp
login_path /login
service_validate_path /validate
ldap_host royaldirectory.scranton.edu:389
ldap_bind_dn
ldap_bind_password
ldap_suffix o=uofs.edu
ldap_get_email_by_uid_filter (uid=[uid])
ldap_email_attribute mail
ldap_scope one
ldap_timeout 7
sympa.conf:
capath /etc/httpd/conf/ssl_trusted_keys/
cafile /home/sympa/bin/etc/ca-bundle.crt
In our ssl_trusted_keys area we have the following certs with the x509
hash as symlinks:
eb6beeac.0 -> myscranton.pem
ed524cf5.0 -> entrust_ca.pem
So, what I'm seeing is this in the sympa log file when I hit our login
page:
Aug 6 16:16:44 gepard wwsympa[7496]: [robot gepard.scranton.edu] [client 134.198.30.45] main::do_redirect() do_redirect(https://my.scranton.edu/cp/cas/login?service=http://gepard.scranton.edu/sympa/?checked_cas=0&gateway=1) Aug 6 16:16:44 gepard wwsympa[7496]: SympaSession::new() SympaSession::new ignoring unknown session cookie Aug 6 16:16:44 gepard wwsympa[7496]: CAS ticket is detected. in{'ticket'}=ST-2517-9fnq8jeLck0xgkn425ma in{'checked_cas'}=0 Aug 6 16:16:44 gepard wwsympa[7496]: CAS ticket validation failed : Aug 6 16:16:44 gepard wwsympa[7496]: [robot gepard.scranton.edu]
[client 134.198.30.45] main::do_home() do_home
This is repeated if I select the login button that we have set for users
of CAS. The CAS server validates the ticket correctly and passes it back
to sympa.
If I bump the logging up to level 4, I still only see entries like the
following:
Aug 6 16:29:59 gepard wwsympa[7959]: cas authentication service UofS-cas Aug 6 16:29:59 gepard wwsympa[7959]: Language::gettext() Language::gettext(%d %b %Y at %H:%M:%S) Aug 6 16:29:59 gepard wwsympa[7959]: Language::gettext() Language::gettext(%H:%M:%S) Aug 6 16:29:59 gepard wwsympa[7959]: Language::SetLang() Language::SetLang(en_US) Aug 6 16:29:59 gepard wwsympa[7959]: Language::SetLang() Language::SetLang(us) Aug 6 16:29:59 gepard wwsympa[7959]: main::get_parameters() PATH_INFO: / Aug 6 16:29:59 gepard wwsympa[7959]: main::get_parameters() debug level 0 Aug 6 16:29:59 gepard wwsympa[7959]: SympaSession::new() SympaSession::new(gepard.scranton.edu,71878885982906,) Aug 6 16:29:59 gepard wwsympa[7959]: SympaSession::load() SympaSession::load(71878885982906) Aug 6 16:29:59 gepard wwsympa[7959]: List::db_get_handler() List::db_get_handler Aug 6 16:29:59 gepard wwsympa[7959]: cookielib::set_do_not_use_cas() cookielib::set_do_not_use_cas(,0,-10y) Aug 6 16:29:59 gepard wwsympa[7959]: CAS ticket is detected. in{'ticket'}=ST-2517-9fnq8jeLck0xgkn425ma in{'checked_cas'}=0 Aug 6 16:30:00 gepard wwsympa[7959]: CAS ticket validation failed : Aug 6 16:30:00 gepard wwsympa[7959]: [robot gepard.scranton.edu] [client 134.198.30.45] main::check_param_in() check_param_in Aug 6 16:30:00 gepard wwsympa[7959]: Scenario::request_action() List::request_action create_list,md5,gepard.scranton.edu Aug 6 16:30:00 gepard wwsympa[7959]: Scenario::new() Aug 6 16:30:00 gepard wwsympa[7959]: Scenario::_parse_scenario() (create_list, public_listmaster, gepard.scranton.edu) Aug 6 16:30:00 gepard wwsympa[7959]: Scenario::new() Aug 6 16:30:00 gepard wwsympa[7959]: Scenario::verify() (search('blacklist.txt',[sender])) Aug 6 16:30:00 gepard wwsympa[7959]: Scenario::search() List::search(blacklist.txt,nobody,gepard.scranton.edu)
The only thing I can imagine is that I am missing a trust or validation
hook somewhere, but I can't find it for anything. Any ideas for what to
check, or if there is some other logging I should be bumping up to see
the error?
Thanks.
Dallas
--
Dallas Wisehaupt Senior Systems Administrator
address@concealed The University of Scranton
-
[sympa-users] Oddity with CAS login,
Dallas Wisehaupt, 08/06/2008
-
Re: [sympa-users] Oddity with CAS login,
Olivier Salaün, 08/07/2008
- Re: [sympa-users] Oddity with CAS login, Dallas Wisehaupt, 08/07/2008
-
Re: [sympa-users] Oddity with CAS login,
Olivier Salaün, 08/07/2008
Archive powered by MHonArc 2.6.19+.