Skip to Content.
Sympa Menu

en - [sympa-users] SYMPA & CAS: how to debug?

Subject: The mailing list for listmasters using Sympa

List archive

[sympa-users] SYMPA & CAS: how to debug?

Chronological Thread  
    < Chronological >       < Thread >
  • From: Dirk Jahnke-Zumbusch <address@concealed>
  • To: <address@concealed>
  • Subject: [sympa-users] SYMPA & CAS: how to debug?
  • Date: Wed, 28 Nov 2012 11:52:55 +0100 (CET)
Hi all,

I try to get SYMPA 6.1.16 work with CAS and am having
problems, as the login itself succeeds, but the net_id
is empty and the browser is redirected back to the login
screen.

See the slightly reformatted log output:

wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_sso_login() do_sso_login(CAS)

wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_sso_login()
do_sso_login:
redirect_url(https://cas.desy.de/cas_mod/login?service=https://host.name.dom/sympa/sso_login_succeeded/CAS)

wwsympa[8316]: notice CAS ticket is detected.
in{'ticket'}=ST-15-c0VbaRhxt4nhuusE0Q0J-cas2.desy.de checked_cas=1

wwsympa[8316]: notice net_id=

wwsympa[8316]: err CAS ticket validation failed :

wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_sso_login_succeeded() do_sso_login_succeeded(CAS)

wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_redirect() do_redirect(https://host.name.dom/sympa)

wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_home() do_home



The corresponding paragraph in auth.conf looks like this

cas
base_url https://cas.desy.de/
auth_service_name CAS
non_blocking_redirection off
login_path cas_mod/login
logout_path cas_mod/logout
ldap_host localhost:8389
ldap_get_email_by_uid_filter (uid=[uid])
ldap_timeout 7
ldap_suffix dc=xxx,dc=desy,dc=de
ldap_scope sub
ldap_email_attribute mail


Anyhow. I would (and will try) to debug this myself and would
be glad to know, how I could debug this.

As far as I understand, wwsympa.fcgi is called and the following
lines are supposed to do the trick:

my $net_id = $cas_server->validateST($service_url, $ticket);

if(defined $net_id) { # the ticket is valid net-id
do_log('notice',"login CAS OK server netid=$net_id" );
$param->{'user'}{'email'} = lc(&Auth::get_email_by_net_id($robot, $cas_id,
{'uid' => $net_id}));
$session->{'auth'} = 'cas';
$session->{'email'}= $param->{user}{email} ;

$session->{'cas_server'} = $cas_id;
}else{
do_log('err',"CAS ticket validation failed : %s",
&AuthCAS::get_errors());
}

So it looks to me, that something within validateST fails, but
I do not know how to "look inside" this Module (from AuthCAS),
so I could see why this fails.

Attachment: smime.p7s
Description: S/MIME cryptographic signature


  • [sympa-users] SYMPA & CAS: how to debug?, Dirk Jahnke-Zumbusch, 11/28/2012

Archive powered by MHonArc 2.6.19+.

Top of Page