The mailing list for listmasters using Sympa

[Aaron Bennett <address@concealed>]

> -----Original Message-----
> From: Robert Beer [mailto:address@concealed]
> Sent: Tuesday, March 18, 2014 5:10 PM
> To: address@concealed
> Cc: Aaron Bennett
> Subject: Re: [sympa-users] possible perl-AuthCAS or Sympa bug?
> 
> Yes, CAS and ldap are working for us.  Here you go:
> ## Here is the default auth.conf
> ## It defines the authentication backends used by Sympa
> 

Many thanks.  I'm getting somewhere -- I think the issue is that sympa is 
sending the service as http instead of https -- look at this from the sympa 
logs:

Mar 19 10:35:29 oatmeal wwsympa[4232]: info [robot lists.clarku.edu] [session 
38869552252274] [client 140.232.0.75] main::do_sso_login() do_sso_login: 
redirect_url(https://cas.clarku.edu/cas/login?service=http://lists.clarku.edu/sso_login_succeeded/Login)

Where is that configured?  Sympa.conf has the correct information:

http_host       https://lists.clarku.edu

wwsympa_url     https://lists.clarku.edu

I tried setting an explicit service_validate_path in auth.conf, to no avail.  
Here's my auth.conf:

cas
       base_url                        https://cas.clarku.edu/cas
       auth_service_name               Login
       auth_service_friendly_name              "Clark University ADFS Login"
# tried setting service_validate_path, doesn't matter
#       service_validate_path          
https://cas.clarku.edu/cas/login?service=https://lists.clarku.edu/sso_login_succeeded/Login
       non_blocking_redirection on
       use_ssl                         1
       ssl_version                     sslv3
       ssl_ciphers                     MEDIUM:HIGH

In our CAS setup, user auths with her email address, so there's no need for 
an uid->mail ldap query.

FWIW I'm using nginx with fastcgi.  Maybe nginx is not setting the base_url 
or something?

-Aaron