PAPI Archivos

The PAPI authentication and authorization framework

PAPI@LISTSERV.REDIRIS.ES

Opciones: Vista Forum

Use Monospaced Font
Por defecto enseñar Text Part
Esconda cabeceras de correo

Mensaje: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Tema: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Autor: [<< Primero] [< Prev] [Siguiente >] [Último >>]

Print Responder
Mime-Version:
1.0
Sender:
The PAPI authentication and authorization framework <[log in para visualizar]>
X-imss-settings:
Baseline:1 C:3 M:3 S:3 R:3 (0.0000 0.0000)
Date:
Mon, 27 Mar 2006 16:46:08 +0200
X-imss-result:
Passed
Reply-To:
The PAPI authentication and authorization framework <[log in para visualizar]>
Subject:
Message-ID:
Content-Transfer-Encoding:
quoted-printable
Emisor:
SUBSCRIBE PAPY Romain Dupre <[log in para visualizar]>
Received:
by LISTSERV.REDIRIS.ES (LISTSERV-TCP/IP release 14.5) with spool id 28457455 for [log in para visualizar]; Mon, 27 Mar 2006 16:56:10 +0200 from listserv.rediris.es (relay.rediris.es [130.206.1.53]) by chico.rediris.es (8.12.10/8.9.1) with ESMTP id k2REk8pI011197 for <[log in para visualizar]>; Mon, 27 Mar 2006 16:46:08 +0200 (CEST) from chico.rediris.es (chico.rediris.es [130.206.1.3])by listserv.rediris.es (Postfix) with ESMTP id 8F27C44E5Cfor <[log in para visualizar]>; Mon, 27 Mar 2006 16:46:08 +0200 (CEST)
X-imss-scores:
Clean:39.11523 C:7 M:0 S:5 R:5
X-imss-version:
2.5
Parts/Attachments:
text/plain (177 lines)
Hi,

I am currently doing an intership in order to finish my studies, my subject
is "setting up an SSO system" and PAPI seems to be the good one.

So my problem is in the subject;

Here is the apache 1.3.34 log : 


[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Parameters initialized:$VAR1 =
bless( {\n                 'RwUser' => undef,\n                 'attrList'
=> [],\n                 'filters' => [\n                                '.*
=> accept'\n                              ],\n                 'PxCkSize' =>
320768,\n                 'ApacheRequest' => bless( do{\\(my $o =
135967988)}, 'Apache' ),\n                 'Hcook_Handler' => undef,\n     
           'SPOCPAct' => 'accept',\n                 'registerVal' => '',\n
                'SPOCPAcc' => 0,\n                 'formProc' => {},\n     
           'Athens_uia' => undef,\n                 'Domain' =>
'papi.tpm.fr',\n                 'PADATH_HDD' => undef,\n                
'RewUrlPatterns' => [],\n                 'redirects' => [],\n             
   'RewMimeTypes' => undef,\n                 'cookieRejects' => [],\n     
           'RwAll' => undef,\n                 'AttSep' => undef,\n        
        'Loc' => '/manual',\n                 'MaxTtl' => undef,\n         
       'HttpAuth' => [],\n                 'Req_DB' => undef,\n            
    'Hkey' => '3dcfcb769163c70d37e5134ec461bccd',\n                
'Remote_Dom' => undef,\n                 'Serv' => 'Romain_PoA',\n         
       'Id' => '14505_1143466813_Romain_PoA',\n                 'Athens_AAP'
=> undef,\n                 'Lkey' => '5b0732db8d10e7718b21982970a4bbc0',\n
                'Athens_psa' => undef,\n                 'EvalPx' =>
undef,\n                 'Pubkeys_Path' => '/usr/local/PAPI',\n            
    'Remote_Serv' => undef,\n                 'ValSep' => undef,\n         
       'Hcook_DB' => '/usr/local/PAPI/Hcook.db',\n                
'GPoA_Priv_Key' => undef,\n                 'Accept_File' =>
'/usr/local/PAPI/access_granted.jpg',\n                 'NoXML' => undef,\n
                'HashUser' => undef,\n                 'registerKey' =>
'',\n                 'HcookGen' => undef,\n                 'URL_Timeout'
=> '200',\n                 'MxNonceErr' => 3,\n                 'PoARw' =>
[],\n                 'Auth_Location' => '/papi/cookie_handler.cgi',\n     
           'PAPI::ApachePoA' => undef,\n                 'rawHcook' => '',\n
                'GPoAHashUser' => undef,\n                 'SPOCPSrv' =>
undef,\n                 'CRC_Timeout' => '30',\n                
'RejUrlPatterns' => [],\n                 'Athens_Key' => undef,\n         
       'Proxy' => undef,\n                 'AddressInToken' => undef,\n    
            'StripLocation' => undef,\n                 'Debug' => '1',\n  
              'Athens_IID' => undef,\n                 'Athens_TTL' =>
undef,\n                 'GPoA_URL' => undef,\n                
'Lcook_Timeout' => '60',\n                 'PxIP' => undef,\n              
  'ases' => {\n                             'Romain_AS' => {\n             
                                'desc' => 'My_AS',\n                       
                      'url' => 'https://papi.tpm.fr/cgi-bin/AuthServer'\n  
                                         }\n                           },\n
                'Reject_File' => '/usr/local/PAPI/access_denied.jpg',\n    
            'PADATH_LAA' => undef\n               }, 'PAPI::ApachePoA' );\n

[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Processing request: /manual/
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Main Processing request: /manual/
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Processing request: /manual/
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Main: Cookies received:\n Hcook=##,
Lcook=##
[Mon Mar 27 15:40:13 2006] [warn] [client 10.6.1.40]
PAPI#14505_1143466813_Romain_PoA: Lcook is empty
[Mon Mar 27 15:40:13 2006] [notice] [client 10.6.1.40]
PAPI#14505_1143466813_Romain_PoA: Hcook is empty
[Mon Mar 27 15:40:13 2006] [warn] [client 10.6.1.40]
PAPI#14505_1143466813_Romain_PoA: Forbidden access to /manual/



That is what i added in the httpd.conf file :

<PAPI_Main>
  HKEY_File /usr/local/PAPI/Hcook.key
  LKEY_File /usr/local/PAPI/Lcook.key
  Hcook_DB /usr/local/PAPI/Hcook.db
  PAPI_AS Romain_AS https://papi.tpm.fr/cgi-bin/AuthServer My_AS
  Service_ID Romain_PoA
  Domain papi.tpm.fr
  Pubkeys_Path /usr/local/PAPI
  Lcook_Timeout 60
  CRC_Timeout 30
  URL_Timeout 200
  Accept_File /usr/local/PAPI/access_granted.jpg
  Reject_File /usr/local/PAPI/access_denied.jpg
  Auth_Location /papi/cookie_handler.cgi
  Debug 1
</PAPI_Main>

...

    ScriptAlias /papi /usr/local/PAPI

<Directory "/usr/local/PAPI">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

    <Location /papi>
        PerlSendHeader On
        PerlAccessHandler PAPI::Main
    </Location>

    <Location /manual>
       PerlSendHeader On
       PerlAccessHandler PAPI::Main
        <PAPI_Local>
                PAPI_Filter .* => accept
                Server Romain_PoA
        </PAPI_Local>
    </Location>


Here is what i put in the AuthServer.cf:

# Default values for the PoA(s)
#
$$cfg{defTimeToLive} = 1800;
$$cfg{defLocation} = '/manual';
$$cfg{defService}= 'Romain_PoA';
$$cfg{defPoA} = 'http://papi.tpm.fr';
$$cfg{defDescription} = 'Romain_PoA';
$$cfg{defAuthURI} = '/papi/cookie_handler.cgi';
$$cfg{defAccessURI} = '';

I am using an openldap authentication:

# LDAPv3
# base <dc=tpm,dc=fr> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# tpm.fr
dn: dc=tpm,dc=fr
objectClass: domain
dc: racine

# local, tpm.fr
dn: cn=local,dc=tpm,dc=fr
objectClass: papiSite
papiSiteId: 1
papiSiteTtl: 180
papiSiteService: Romain_PoA
papiSitePoA: http://papi.tpm.fr
papiSiteLocation: /manual
papiSiteAuth: https://localhost/cgi-bin/AuthServer

# group, tpm.fr
dn: cn=group,dc=tpm,dc=fr
objectClass: papiGroup
papiGroupId: 1

# rdupre, tpm.fr
dn: cn=rdupre,dc=tpm,dc=fr
objectClass: papiUser
papiGroupId: 1
papiSiteId: 1
uid: rdupre
userPassword:: XXXXXXXXXXXXXXXXXXXX


Everything is on the same computer: papi.tpm.fr.I made tests and tests, i
read all the other posts but i didn't found the solution.

I hope somebody will be able to help me. (Sorry for my English, i am a poor
French student).

Regards,
Romain.

ATOM RSS1 RSS2