The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Hi,

Sorry, I was completely off-topic in my previous message...

Is this your full auth.conf? Nothing else?

Do you have anything with "http://" in wwsympa.conf ?

Cheers,

David

Le 20/03/14 18:04, David Verdin a écrit :

address@concealed"> Hi Aaron,

There is a soap_url parameter that need to be defined in sympa.conf: https://www.sympa.org/manual/soap#sympa_setup

Did you setup this parameter?

Best regards,

David

Le 19/03/14 16:26, Aaron Bennett a écrit :

-----Original Message-----
From: Robert Beer [mailto:address@concealed]
Sent: Tuesday, March 18, 2014 5:10 PM
To: address@concealed
Cc: Aaron Bennett
Subject: Re: [sympa-users] possible perl-AuthCAS or Sympa bug?

Yes, CAS and ldap are working for us.  Here you go:
## Here is the default auth.conf
## It defines the authentication backends used by Sympa

Many thanks.  I'm getting somewhere -- I think the issue is that sympa is sending the service as http instead of https -- look at this from the sympa logs:

Mar 19 10:35:29 oatmeal wwsympa[4232]: info [robot lists.clarku.edu] [session 38869552252274] [client 140.232.0.75] main::do_sso_login() do_sso_login: redirect_url(https://cas.clarku.edu/cas/login?service=http://lists.clarku.edu/sso_login_succeeded/Login)

Where is that configured?  Sympa.conf has the correct information:

http_host	https://lists.clarku.edu

wwsympa_url	https://lists.clarku.edu

I tried setting an explicit service_validate_path in auth.conf, to no avail.  Here's my auth.conf:

cas
       base_url                        https://cas.clarku.edu/cas
       auth_service_name               Login
       auth_service_friendly_name	       "Clark University ADFS Login"
# tried setting service_validate_path, doesn't matter
#       service_validate_path	       https://cas.clarku.edu/cas/login?service=https://lists.clarku.edu/sso_login_succeeded/Login
       non_blocking_redirection	on
       use_ssl                         1
       ssl_version                     sslv3
       ssl_ciphers                     MEDIUM:HIGH

In our CAS setup, user auths with her email address, so there's no need for an uid->mail ldap query.

FWIW I'm using nginx with fastcgi.  Maybe nginx is not setting the base_url or something?

-Aaron

 

--
A bug in Sympa? Quick! To the bug tracker!

David Verdin Études et projets applicatifs
Tél : +33 2 23 23 69 71 Fax : +33 2 23 23 71 21   www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex

--
A bug in Sympa? Quick! To the bug tracker!

David Verdin Études et projets applicatifs
Tél : +33 2 23 23 69 71 Fax : +33 2 23 23 71 21   www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex

Attachment: pngs7Os5F0enl.png
Description: PNG image

Attachment: smime.p7s
Description: Signature cryptographique S/MIME