The mailing list for listmasters using Sympa

[Steve Shipway <address@concealed>]

You don’t say if you’re using Sympa’s own authentication, or a webserver-offloaded authentication (shibboleth or the like).  If shibboleth the issue may be there.

 

Having an endless return to the login is either (a) the cookies not being set or in the wrong domain, or (b) incorrect cookies.  We used to get (b) when logging in on one robot and then accessing another, until the sympa cookies were placed in the robot’s own domain.

 

I’d suggest checking your browser cookies, and deleting all the sympa session cookies in all the domains.  Then try again, and see what cookies have been set.  It may work (if the problem is due to old leftover cookies from before you fixed cookie_domain) or not (if the cookies are still being set in the wrong domain).

 

Also, verify the clock synchronisation on both your Sympa server and on your local browser!  If they are too far out you’ll get invalid cookies due to expiry, causing the same issue.

 

Is the domain you are using for the cookies shared with any other sympa instances that might be conflicting, as when you have multiple robots or multiple servers and set the cookies in a higher domain.

 

HTH

 

Steve

 

 

Steve Shipway

address@concealed

 

From: Daniel Bidwell [mailto:address@concealed]
Sent: Friday, 27 June 2014 4:00 p.m.
To: Steve Shipway
Cc: address@concealed
Subject: Re: [sympa-users] Using sympa behind pound or nginx

 

Here is what I have.  Sympa running under nginx with the following lines in sympa.conf

http_host https://sympa.andrews.edu
domain    sympa.andrews.edu
wwsympa_url https://sympa.andrews.edu/wws

and in wwsympa.conf:

cookie_domain sympa.andrews.edu

I can log in and it shows that I am a listmaster, but when I click on Sympa_admin it takes me back to the login screen endlessly.

On Fri, 2014-06-27 at 03:34 +0000, Steve Shipway wrote:

> I have attempted to put sympa behind this service and I can log in

> successfully, but the session doesn't seem to live for me to actually do

> anything without asking me to log in again.  I have check the time on the

> servers and they are all synchronized.  I don't see anything in the debug 

> logs

> that helps me.

We don't use a reverse proxy for sympa, but I suspect your issue is going to 

be cookie domains.

For the hostname that users use, to access the sympa server, set cookie_domain 

in the wwsympa.conf or robot.conf.  We have to do this because we have many 

robot domains all pointing to the same Sympa server, and need their auth 

cookies to be kept separate.

Eg, if your sympa server is mysympa.subdom.andrews.edu

But your reverse proxy hides it as www.andrews.edu/sympa

Then set the options

cookie_domain www.andrews.edu

http_host  www.andrews.edu

host www.andrews.edu

wwsympa_url http://www.andrews.edu/sympa

Steve

Steve Shipway

address@concealed

 

--
Daniel R. Bidwell | address@concealed
Andrews University | Information Technology Services
If two always agree, one of them is unnecessary
Karma is getting what you deserve, mercy is not getting what you deserve,
grace is getting what you do not deserve.
"In theory, theory and practice are the same.
In practice, however, they are not."

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature