Hi,
I am currently doing an internship in order to finish my studies; my subject
is "setting up an SSO system" and PAPI seems to be the good one.
So my problem is in the subject;
Here is the Apache 1.3.34 log:
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Parameters initialized:$VAR1 =
bless( {\n 'RwUser' => undef,\n 'attrList'
=> [],\n 'filters' => [\n '.*
=> accept'\n ],\n 'PxCkSize' =>
320768,\n 'ApacheRequest' => bless( do{\\(my $o =
135967988)}, 'Apache' ),\n 'Hcook_Handler' => undef,\n
'SPOCPAct' => 'accept',\n 'registerVal' => '',\n
'SPOCPAcc' => 0,\n 'formProc' => {},\n
'Athens_uia' => undef,\n 'Domain' =>
'papi.tpm.fr',\n 'PADATH_HDD' => undef,\n
'RewUrlPatterns' => [],\n 'redirects' => [],\n
'RewMimeTypes' => undef,\n 'cookieRejects' => [],\n
'RwAll' => undef,\n 'AttSep' => undef,\n
'Loc' => '/manual',\n 'MaxTtl' => undef,\n
'HttpAuth' => [],\n 'Req_DB' => undef,\n
'Hkey' => '3dcfcb769163c70d37e5134ec461bccd',\n
'Remote_Dom' => undef,\n 'Serv' => 'Romain_PoA',\n
'Id' => '14505_1143466813_Romain_PoA',\n 'Athens_AAP'
=> undef,\n 'Lkey' => '5b0732db8d10e7718b21982970a4bbc0',\n
'Athens_psa' => undef,\n 'EvalPx' =>
undef,\n 'Pubkeys_Path' => '/usr/local/PAPI',\n
'Remote_Serv' => undef,\n 'ValSep' => undef,\n
'Hcook_DB' => '/usr/local/PAPI/Hcook.db',\n
'GPoA_Priv_Key' => undef,\n 'Accept_File' =>
'/usr/local/PAPI/access_granted.jpg',\n 'NoXML' => undef,\n
'HashUser' => undef,\n 'registerKey' =>
'',\n 'HcookGen' => undef,\n 'URL_Timeout'
=> '200',\n 'MxNonceErr' => 3,\n 'PoARw' =>
[],\n 'Auth_Location' => '/papi/cookie_handler.cgi',\n
'PAPI::ApachePoA' => undef,\n 'rawHcook' => '',\n
'GPoAHashUser' => undef,\n 'SPOCPSrv' =>
undef,\n 'CRC_Timeout' => '30',\n
'RejUrlPatterns' => [],\n 'Athens_Key' => undef,\n
'Proxy' => undef,\n 'AddressInToken' => undef,\n
'StripLocation' => undef,\n 'Debug' => '1',\n
'Athens_IID' => undef,\n 'Athens_TTL' =>
undef,\n 'GPoA_URL' => undef,\n
'Lcook_Timeout' => '60',\n 'PxIP' => undef,\n
'ases' => {\n 'Romain_AS' => {\n
'desc' => 'My_AS',\n
'url' => 'https://papi.tpm.fr/cgi-bin/AuthServer'\n
}\n },\n
'Reject_File' => '/usr/local/PAPI/access_denied.jpg',\n
'PADATH_LAA' => undef\n }, 'PAPI::ApachePoA' );\n
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Processing request: /manual/
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Main Processing request: /manual/
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Processing request: /manual/
[Mon Mar 27 15:40:13 2006] [error] [client 10.6.1.40]
PAPI-DEBUG#14505_1143466813_Romain_PoA: Main: Cookies received:\n Hcook=##,
Lcook=##
[Mon Mar 27 15:40:13 2006] [warn] [client 10.6.1.40]
PAPI#14505_1143466813_Romain_PoA: Lcook is empty
[Mon Mar 27 15:40:13 2006] [notice] [client 10.6.1.40]
PAPI#14505_1143466813_Romain_PoA: Hcook is empty
[Mon Mar 27 15:40:13 2006] [warn] [client 10.6.1.40]
PAPI#14505_1143466813_Romain_PoA: Forbidden access to /manual/
That is what I added in the httpd.conf file:
<PAPI_Main>
HKEY_File /usr/local/PAPI/Hcook.key
LKEY_File /usr/local/PAPI/Lcook.key
Hcook_DB /usr/local/PAPI/Hcook.db
PAPI_AS Romain_AS https://papi.tpm.fr/cgi-bin/AuthServer My_AS
Service_ID Romain_PoA
Domain papi.tpm.fr
Pubkeys_Path /usr/local/PAPI
Lcook_Timeout 60
CRC_Timeout 30
URL_Timeout 200
Accept_File /usr/local/PAPI/access_granted.jpg
Reject_File /usr/local/PAPI/access_denied.jpg
Auth_Location /papi/cookie_handler.cgi
Debug 1
</PAPI_Main>
...
ScriptAlias /papi /usr/local/PAPI
<Directory "/usr/local/PAPI">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Location /papi>
PerlSendHeader On
PerlAccessHandler PAPI::Main
</Location>
<Location /manual>
PerlSendHeader On
PerlAccessHandler PAPI::Main
<PAPI_Local>
PAPI_Filter .* => accept
Server Romain_PoA
</PAPI_Local>
</Location>
Here is what I put in the AuthServer.cf:
# Default values for the PoA(s)
#
$$cfg{defTimeToLive} = 1800;
$$cfg{defLocation} = '/manual';
$$cfg{defService}= 'Romain_PoA';
$$cfg{defPoA} = 'http://papi.tpm.fr';
$$cfg{defDescription} = 'Romain_PoA';
$$cfg{defAuthURI} = '/papi/cookie_handler.cgi';
$$cfg{defAccessURI} = '';
I am using an openldap authentication:
# LDAPv3
# base <dc=tpm,dc=fr> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# tpm.fr
dn: dc=tpm,dc=fr
objectClass: domain
dc: racine
# local, tpm.fr
dn: cn=local,dc=tpm,dc=fr
objectClass: papiSite
papiSiteId: 1
papiSiteTtl: 180
papiSiteService: Romain_PoA
papiSitePoA: http://papi.tpm.fr
papiSiteLocation: /manual
papiSiteAuth: https://localhost/cgi-bin/AuthServer
# group, tpm.fr
dn: cn=group,dc=tpm,dc=fr
objectClass: papiGroup
papiGroupId: 1
# rdupre, tpm.fr
dn: cn=rdupre,dc=tpm,dc=fr
objectClass: papiUser
papiGroupId: 1
papiSiteId: 1
uid: rdupre
userPassword:: XXXXXXXXXXXXXXXXXXXX
Everything is on the same computer: papi.tpm.fr. I made tests and tests, I
read all the other posts but I didn't find the solution.
I hope somebody will be able to help me. (Sorry for my English, I am a poor
French student).
Regards,
Romain.
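
With Debug 1, the dump above prints fields named Hkey and Lkey next to the HKEY_File/LKEY_File settings, and the "Cookies received" line would print any cookie the browser sent. An added example (not part of the original post and not PAPI code) that scrubs such output before it is shared; which field names count as secret and the `#value#` cookie form are assumptions, and the sample input is constructed.

```python
import re

# Field names treated as secret: anything ending in "key"/"Key" (Hkey, Lkey,
# GPoA_Priv_Key, Athens_Key, registerKey) plus rawHcook. This choice is an
# assumption of the example; Pubkeys_Path does not match and is kept.
SECRET_FIELD = re.compile(r"'(\w*[Kk]ey|rawHcook)'(\s*=>\s*)'([^']+)'")
# Non-empty cookie values in "Cookies received" lines (assumed #value# form).
COOKIE = re.compile(r"\b(Hcook|Lcook)=#([^#]+)#")
# userPassword lines in LDIF output (plain or base64 "::" form).
LDIF_PW = re.compile(r"^(userPassword::?[ \t]*)(\S+)$", re.M)

def redact(text):
    """Return (redacted_text, names_of_redacted_fields)."""
    hits = []
    def field(m):
        hits.append(m.group(1))
        # group(2) keeps the original spacing, including a mail line wrap
        return f"'{m.group(1)}'{m.group(2)}'[REDACTED]'"
    def cookie(m):
        hits.append(m.group(1))
        return f"{m.group(1)}=#[REDACTED]#"
    def ldif(m):
        hits.append("userPassword")
        return m.group(1) + "[REDACTED]"
    text = SECRET_FIELD.sub(field, text)
    text = COOKIE.sub(cookie, text)
    text = LDIF_PW.sub(ldif, text)
    return text, hits

# Constructed sample in the shape of the dump above; all values are made up.
SAMPLE = r"""'Hkey' => '00112233445566778899aabbccddeeff',\n
'Remote_Dom' => undef,\n 'Athens_AAP'
=> undef,\n 'Lkey' =>
'ffeeddccbbaa99887766554433221100',\n 'registerKey' =>
'',\n 'Pubkeys_Path' => '/usr/local/PAPI',\n 'GPoA_Priv_Key' => undef,\n
PAPI-DEBUG#1_1_Example_PoA: Main: Cookies received:\n Hcook=#constructed-cookie#,
Lcook=##
userPassword:: Y29uc3RydWN0ZWQ=
"""

if __name__ == "__main__":
    out, hits = redact(SAMPLE)
    print(out)
    print("redacted:", ", ".join(hits))
```

Empty values (`''`, `undef`, `##`) are left untouched so the scrubbed log still shows which fields were unset.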