
Re: [sympa-users] How to use my own login system

Subject: The mailing list for listmasters using Sympa

  • From: Olivier Salaün <address@concealed>
  • To: address@concealed
  • Cc: address@concealed
  • Subject: Re: [sympa-users] How to use my own login system
  • Date: Tue, 16 Mar 2010 09:49:02 +0100

Hello Dogmadefe,

Any relationship with Juan Manuel Parrilla Gutiérrez, who asked a similar question?

I don't fully understand the authentication architecture you're setting up and why.
"Traditionally" you can either let Sympa manage user passwords (user_table enabled in auth.conf) or delegate user authentication to a third party authentication service (generic_sso enabled in auth.conf). If your Sympa server relies on a third party authentication service, then user passwords are never collected by any Sympa process (including the SOAP server).

Therefore it does not make much sense to enable a generic_sso that relies on Sympa SOAP authentication.
Why would you need that?
Are you looking for a way to have Single Sign-On? Then you should install a third party SSO server (like CAS) and make both Sympa and your web server act as SSO clients.


On 10/03/2010 16:14, address@concealed wrote:
Hello, this is my first post and you will find that I am quite a noob.

I have sympa running in my localhost (version 6.x), it is running ok.
I have Apache2::AuthCookie also running in my system, it is checking the
email and password vs the sympa soap server to allow log in, it is working
OK, I have a random location protected, like "/protected", if I log in using
an email and password from sympa, I can access the protected page.

I am using the Login form that comes by default with AuthCookie, I am also
using its Logout script (with some changes because I am also using
Memcached).

I want to use AuthCookie as the Auth system for Sympa. When a user tries to
open one of the Sympa locations, if he is not authorized, the login form
will prompt, once he is authorized, he will have access to it.

Right now I have the following.
In apache.conf:
<Location /sympa>
AuthType AuthCookieHandler
AuthName WhatEver
PerlAuthenHandler AuthCookieHandler->authenticate
PerlAuthzHandler AuthCookieHandler->authorize
require valid-user
</Location>

Only with this, if the user tries to access any sympa location, he will have
to fill the form, but after he is authenticated, there is still the sympa
login form. So following the documentation I added the following in
auth.conf:


# Authentication services for Sympa

generic_sso
service_name Login
service_id Login
email_http_header credential_0
logout_url LOGOUT

# Internal authentication by email and password

#user_table
# regexp .*

I really don't know what to put in service_id or email_http_header
(credential 0 is the name in the login form).

With this configuration, when the user tries to access any location he has
to fill the form, and it does not matter if the info is correct, it is
always saying bad password (when the password is OK), it is strange that the
log from sympa is saying bad password because I read that sympa with
generic_sso is not checking any password.

I tried to make the protected page more exclusive, something like:

<Location /sympa/lists/Login>
AuthType AuthCookieHandler
AuthName WhatEver
PerlAuthenHandler AuthCookieHandler->authenticate
PerlAuthzHandler AuthCookieHandler->authorize
require valid-user
</Location>

With this, when the user accesses any sympa page, like home or help, the
original login form from sympa is gone and now it appears a "Login" button,
when the user clicks it, it appears the login form, it does not matter if
the user fills it with the correct info, it is always saying bad password.

I guess in Auth.conf I am not providing the correct parameters.

This is the log output from apache:
@400000004b97b08d09d8baa4 [Wed Mar 10 15:45:23 2010] [error] auth_type
AuthCookieHandler
@400000004b97b08d09da06ac [Wed Mar 10 15:45:23 2010] [error]
r=Apache2::RequestRec=SCALAR(0x1547508) authtype=AuthCookieHandler
@400000004b97b08d09da6854 [Wed Mar 10 15:45:23 2010] [error] auth_name
WhatEver
@400000004b97b08d09df65ac [Wed Mar 10 15:45:23 2010] [error] ses_key_cookie
@400000004b97b08d09dfb7b4 [Wed Mar 10 15:45:23 2010] [error] uri /sympa/
lists/sso_login/Login/init/sso_login_succeeded/Login
@400000004b97b0973b4e1f0c [Wed Mar 10 15:45:33 2010] [error] Converting POST
-> GET
@400000004b97b0973b4f24c4 [Wed Mar 10 15:45:33 2010] [error] credential_0
address@concealed
@400000004b97b0973b4f5f5c [Wed Mar 10 15:45:33 2010] [error] credential_1
mypassword
@400000004b97b0980aa6fb6c [Wed Mar 10 15:45:34 2010] [notice] [client
127.0.0.1] Apache2::AuthCookie : Incorrect password for user
address@concealed or bad login while accessing LOGIN, referer:
http://localhost.loopnet:1080/sympa/lists/sso_login/Login/init/sso_login_succeeded/Login

The password is good.

This is the log output from sympa:
Mar 10 15:45:34 e2 soap[19218]:
SOAP::Transport::HTTP::FCGI::Sympa::request() Robot : fup.myserver.dk
Mar 10 15:45:34 e2 soap[19218]: List::init_list_cache()
List::init_list_cache()
Mar 10 15:45:34 e2 soap[19218]: SympaSession::new()
SympaSession::new(fup.myserver.dk,,)
Mar 10 15:45:34 e2 soap[19218]: SympaSession::get_random()
SympaSession::random
Mar 10 15:45:34 e2 soap[19218]: SympaSession::store()
Mar 10 15:45:34 e2 soap[19218]: List::db_get_handler() List::db_get_handler
Mar 10 15:45:34 e2 soap[19218]: SympaSession::renew()
Mar 10 15:45:34 e2 soap[19218]: List::db_get_handler() List::db_get_handler
Mar 10 15:45:34 e2 soap[19218]: SympaSession::get_random()
SympaSession::random
Mar 10 15:45:34 e2 soap[19218]: sympasoap::login()
login(address@concealed)
Mar 10 15:45:34 e2 soap[19218]: sympasoap::login() call
check_auth(fup.myserver.dk,address@concealed)
Mar 10 15:45:34 e2 soap[19218]: Auth::check_auth()
Auth::check_auth(address@concealed)
Mar 10 15:45:34 e2 soap[19218]: Auth::authentication()
Auth::authentication(address@concealed)
Mar 10 15:45:34 e2 soap[19218]: List::get_user_db()
List::get_user_db(address@concealed)
Mar 10 15:45:34 e2 soap[19218]: tools::decrypt_password()
tools::decrypt_password (long_md5)
Mar 10 15:45:34 e2 soap[19218]: Auth::authentication() authentication:
incorrect password for user address@concealed
Mar 10 15:45:34 euron2 soap[19218]: sympasoap::login() SOAP : login
authentication failed

Since it seems that it is trying to check the password I suppose I am not
providing the email.
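
The two arrangements described in the reply, written out as auth.conf paragraphs. This is an added example, not configuration posted by either participant or taken from the Sympa distribution; REMOTE_USER is an assumed variable name, and the other values are the ones from the original post.

```conf
# Arrangement 1: Sympa stores the passwords and checks them itself.

user_table
regexp .*

# Arrangement 2: authentication is delegated to the web server.
# Sympa never sees a password. After the web server has authenticated the
# user, Sympa reads the user's e-mail address from the environment variable
# named by email_http_header. The value is therefore the name of a variable
# set by the web server's authentication module, not the name of a field in
# the login form.
#
# REMOTE_USER is an assumption: use the variable your module really sets,
# and make sure it holds a full e-mail address.
# A variable whose name starts with HTTP_ is filled from a request header,
# so rely on one only if the front end overwrites that header on every
# request; otherwise a client can supply the address itself.
#
# service_id is the name that appears after sso_login/ in the URL
# (.../sso_login/Login/... in the Apache log above).

generic_sso
service_name Login
service_id Login
email_http_header REMOTE_USER
logout_url LOGOUT
```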



