Subject: The mailing list for listmasters using Sympa
List archive
- From: Dirk Jahnke-Zumbusch <address@concealed>
- To: <address@concealed>
- Subject: [sympa-users] SYMPA & CAS: how to debug?
- Date: Wed, 28 Nov 2012 11:52:55 +0100 (CET)
Hi all,
I try to get SYMPA 6.1.16 work with CAS and am having
problems, as the login itself succeeds, but the net_id
is empty and the browser is redirected back to the login
screen.
See the slightly reformatted log output:
wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_sso_login() do_sso_login(CAS)
wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_sso_login()
do_sso_login:
redirect_url(https://cas.desy.de/cas_mod/login?service=https://host.name.dom/sympa/sso_login_succeeded/CAS)
wwsympa[8316]: notice CAS ticket is detected.
in{'ticket'}=ST-15-c0VbaRhxt4nhuusE0Q0J-cas2.desy.de checked_cas=1
wwsympa[8316]: notice net_id=
wwsympa[8316]: err CAS ticket validation failed :
wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_sso_login_succeeded() do_sso_login_succeeded(CAS)
wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_redirect() do_redirect(https://host.name.dom/sympa)
wwsympa[8316]: info [robot host.name.dom] [session 74130993286061]
[client 1.2.3.4] main::do_home() do_home
The corresponding paragraph in auth.conf looks like this
cas
base_url https://cas.desy.de/
auth_service_name CAS
non_blocking_redirection off
login_path cas_mod/login
logout_path cas_mod/logout
ldap_host localhost:8389
ldap_get_email_by_uid_filter (uid=[uid])
ldap_timeout 7
ldap_suffix dc=xxx,dc=desy,dc=de
ldap_scope sub
ldap_email_attribute mail
Anyhow. I would (and will try) to debug this myself and would
be glad to know, how I could debug this.
As far as I understand, wwsympa.fcgi is called and the following
lines are supposed to do the trick:
my $net_id = $cas_server->validateST($service_url, $ticket);
if(defined $net_id) { # the ticket is valid net-id
do_log('notice',"login CAS OK server netid=$net_id" );
$param->{'user'}{'email'} = lc(&Auth::get_email_by_net_id($robot, $cas_id,
{'uid' => $net_id}));
$session->{'auth'} = 'cas';
$session->{'email'}= $param->{user}{email} ;
$session->{'cas_server'} = $cas_id;
}else{
do_log('err',"CAS ticket validation failed : %s",
&AuthCAS::get_errors());
}
So it looks to me, that something within validateST fails, but
I do not know how to "look inside" this Module (from AuthCAS),
so I could see why this fails.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- [sympa-users] SYMPA & CAS: how to debug?, Dirk Jahnke-Zumbusch, 11/28/2012
Archive powered by MHonArc 2.6.19+.