The mailing list for listmasters using Sympa

[Dan Pritts <address@concealed>]

i'm setting up a sympa instance that is behind an https
server that requires shibboleth authentication (the entire
server requires shib auth).

I looked at just using the environment variables from apache,
but it looked like sympa only does SSL auth with certs.

so, i went down the generic_sso route.

Ideally users would not have to click the "authenticate" button
to get the sso/shibboleth login.  I came up with a quick hack,
when the user hits the base host url:

  https://foo.internet2.edu/ 

apache redirects to sso_login:

  https://foo.internet2.edu/sympa/sso_login/InCommon

This seems to work fine; once they are logged in they are redirected
back to https://foo.internet2.edu/sympa.

The only issue is if they go back to foo.internet2.edu during the same
session.  In this case, when they are redirected to the sso_login URL,
it throws an error:

  ERROR (sso_login) - You are already logged in as address@concealed

I traced this down pretty quickly to the function do_sso_login.  When I
comment out the bit that throws the error message, everything still
seems to work fine.   Am I missing something?  

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Visit our website: www.internet2.edu
Follow us on Twitter: www.twitter.com/internet2
Become a Fan on Facebook: www.internet2.edu/facebook