PAPI Archivos

The PAPI authentication and authorization framework

PAPI@LISTSERV.REDIRIS.ES
Opciones: Vista Forum

Use Monospaced Font
Por defecto enseñar Text Part
Esconda cabeceras de correo

Mensaje: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Tema: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Autor: [<< Primero] [< Prev] [Siguiente >] [Último >>]

Print Responder
Received:
by LISTSERV.REDIRIS.ES (LISTSERV-TCP/IP release 14.5) with spool id 472747 for [log in para visualizar]; Fri, 2 Feb 2007 17:58:40 +0100 from rediris.es (chico.rediris.es [130.206.1.3]) by listserv.rediris.es (Postfix) with ESMTP id F1DC75C2D3 for <[log in para visualizar]>; Fri, 2 Feb 2007 17:48:37 +0100 (CET) from chico (chico.rediris.es [130.206.1.3]) by chico.rediris.es (Postfix) with ESMTP id CD56F44C26 for <[log in para visualizar]>; Fri, 2 Feb 2007 17:48:37 +0100 (CET)
X-Original-To:
[log in para visualizar]
Date:
Fri, 2 Feb 2007 17:48:37 +0100
Reply-To:
The PAPI authentication and authorization framework <[log in para visualizar]>
Subject:
Do not get accept/reject image + lcook & hcook empty
Message-ID:
<[log in para visualizar]>
Content-Transfer-Encoding:
quoted-printable
Emisor:
Krishan Purahoo <[log in para visualizar]>
Sender:
The PAPI authentication and authorization framework <[log in para visualizar]>
Mime-Version:
1.0
Delivered-To:
[log in para visualizar]
Parts/Attachments:
text/plain (220 lines) 
Hi,
   I am currently looking into PAPI to share web contents.
I have installed PAPI-AS and PAPI-POA, on two different
apache servers (running on the same machine on different ports).

AS - port 8085
POA - port 8088

I am having a couple of problems,

first: no image after authenticating on AS.
second: lccok & hcook empty when accessing POA


Connecting to the PAPI-AS, I can authenticate successfully using
BasicAuth and also IMAP.


After successfully authenticating (using both methods above), the next
screen I get is, the following

----

The server has accepted your authentication data

You can now access the resources included in the following list, simply
clicking on the corresponding link.

The symbol to the left of the links indicates whether the resource is
available or not.

----------------------------------------------------------------------------
You can check the status of your credentials using the Test button, or erase
the credentials currently stored by your browser using the Logout button.

It is also possible to change the status of your credentials accessing again
the Authentication Server.
----


I do not get the accept/reject image or the default POA listed
after authenticating.

With the BasicAuth method, I only get <POA URL> that is listed in
my basic authentication database.

Do I need to set an Image URL? where?


Here are some of my configurations:-

AS - AuthServer.cf

my $authType = "imap";

$$cfg{asLocation} = 'http://jactest:8085/cgi-papi/AuthServer';
$$cfg{serverID} = 'foo-as';
$$cfg{privateKey} = 'privateKey.pem';

$$cfg{acceptURL} = 'http://jactest:8088/manual/LICENSE';
$$cfg{rejectURL} = 'http://jactest:8088/manual/';

# Default values for the PoA(s)
#
$$cfg{defTimeToLive} = 1800;
$$cfg{defLocation} = '/manual';
$$cfg{defService}= 'bar-poa';
$$cfg{defPoA} = 'http://jactest:8088/';
$$cfg{defDescription} = 'Sample PAPI PoA';
$$cfg{defAuthURI} = 'PAPI/cookie_handler.cgi';
$$cfg{defAccessURI} = 'index.html';

$$cfg{IMAPServer} = "my-imapserver";


** All the other settings are the default in the AuthServer.cf file **


My PAPI-POA - httpd.conf file

PerlModule PAPI::Conf

<PAPI_Main>
  HKEY_File /usr/local/depot/PAPI/AS/etc/hkey
  LKEY_File /usr/local/depot/PAPI/AS/etc/lkey
  Hcook_DB /usr/local/depot/PAPI/AS/etc/hcookdb
  Server bar-poa
  PAPI_AS foo-as http://jactest:8085/cgi-papi/AuthServer MY_AS
  Pubkeys_Path /usr/local/depot/PAPI/AS/etc
  Lcook_Timeout 1800
  CRC_Timeout 1800
  URL_Timeout 1800
  Debug 1
  Domain mydomain.uk
  Accept_File /usr/local/depot/PAPI/apache_1.3.37/icons/ball.red.png
  Reject_File /usr/local/depot/PAPI/apache_1.3.37/icons/ball.gray.png
  Auth_Location PAPI/cookie_handler.cgi
  Debug 1
</PAPI_Main>


    alias /papi /usr/local/depot/PAPI/AS/etc/

    <Location /papi >
        PerlSendHeader On
        PerlAccessHandler PAPI::Main
    </Location>

    <Location /manual >
        PerlSendHeader On
        PerlAccessHandler PAPI::Main
        <PAPI_Local>
                Server local
                PAPI_Filter default
        </PAPI_Local>
    </Location>

Log file for AS.

2007 Feb  2 15:20:20 PAPI::AuthServer[12319]: Host: 165.239.30.149. User:
kpur. Operation LOGIN accepted. Userid: kpur
2007 Feb  2 15:54:14 PAPI::AuthServer[19535]: Host: 165.239.30.149. User:
kpur. Operation LOGIN accepted. Userid: kpur
2007 Feb  2 16:07:10 PAPI::AuthServer[24961]: Host: 165.239.30.149. User:
kpur. Operation LOGOUT accepted. Userid: kpur
2007 Feb  2 16:07:27 PAPI::AuthServer[24979]: Host: 165.239.30.149. User:
kpur. Operation LOGIN accepted. Userid: kpur


POA:
====

When I try to access (POA) http://jactest:8088/manual, I get '403 forbidden'
and the following logs

httpd_error.log  (POA)

[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16284_1170430608_local: Processing request: /manual
[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16284_1170430608_local: Main Processing request: /manual
[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16284_1170430608_local: Processing request: /manual
[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16284_1170430608_local: Main: Cookies received:\n Hcook=##, Lcook=##
[Fri Feb  2 15:36:48 2007] [warn] [client 165.239.30.149]
PAPI#16284_1170430608_local: Lcook is empty
[Fri Feb  2 15:36:48 2007] [notice] [client 165.239.30.149]
PAPI#16284_1170430608_local: Hcook is empty
[Fri Feb  2 15:36:48 2007] [warn] [client 165.239.30.149]
PAPI#16284_1170430608_local: Forbidden access to /manual
[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16285_1170433996_local: Parameters initialized:$VAR1 = bless( {\n
                'RwUser' => undef,\n                 'attrList' => [],\n   
             'filters' => [\n                                'default'\n   
                          ],\n                 'PxCkSize' => 320768,\n     
           'ApacheRequest' => bless( do{\\(my $o = 139073428)}, 'Apache'
),\n                 'Hcook_Handler' => undef,\n                 'SPOCPAct'
=> 'accept',\n                 'registerVal' => '',\n                
'SPOCPAcc' => 0,\n                 'formProc' => {},\n                
'Athens_uia' => undef,\n                 'Domain' => 'jet.uk',\n           
     'PADATH_HDD' => undef,\n                 'RewUrlPatterns' => [],\n    
            'redirects' => [],\n                 'RewMimeTypes' => undef,\n
                'cookieRejects' => [],\n                 'RwAll' => undef,\n
                'AttSep' => undef,\n                 'Loc' => '/manual',\n 
               'MaxTtl' => undef,\n                 'HttpAuth' => [],\n    
            'Req_DB' => undef,\n                 'Hkey' =>
'28b4a3bd66d12a2ea75d2dbbca8bd772',\n                 'Remote_Dom' =>
undef,\n                 'Serv' => 'local',\n                 'Id' =>
'16285_1170433996_local',\n                 'Athens_AAP' => undef,\n       
         'Lkey' => '0055bca3289d4a9646905f188e8284a8',\n                
'Athens_psa' => undef,\n                 'EvalPx' => undef,\n              
  'Pubkeys_Path' => '/usr/local/depot/PAPI/AS/etc',\n                
'Remote_Serv' => undef,\n                 'ValSep' => undef,\n             
   'Hcook_DB' => '/usr/local/depot/PAPI/AS/etc/hcookdb',\n                
'GPoA_Priv_Key' => undef,\n                 'Accept_File' =>
'/usr/local/depot/PAPI/apache_1.3.37/icons/ball.red.png',\n                
'NoXML' => undef,\n                 'HashUser' => undef,\n                
'registerKey' => '',\n                 'HcookGen' => undef,\n              
  'URL_Timeout' => '1800',\n                 'MxNonceErr' => 3,\n          
      'PoARw' => [],\n                 'Auth_Location' =>
'PAPI/cookie_handler.cgi',\n                 'PAPI::ApachePoA' => undef,\n 
               'rawHcook' => '',\n                 'GPoAHashUser' =>
undef,\n                 'SPOCPSrv' => undef,\n                
'CRC_Timeout' => '1800',\n                 'RejUrlPatterns' => [],\n       
         'Athens_Key' => undef,\n                 'Proxy' => undef,\n      
          'AddressInToken' => undef,\n                 'StripLocation' =>
undef,\n                 'Debug' => '1',\n                 'Athens_IID' =>
undef,\n                 'Athens_TTL' => undef,\n                 'GPoA_URL'
=> undef,\n                 'Lcook_Timeout' => '1800',\n                
'PxIP' => undef,\n                 'ases' => {\n                           
 'foo-as' => {\n                                           'desc' =>
'MY_AS',\n                                           'url' =>
'http://jactest:8085/cgi-papi/AuthServer'\n                                
        }\n                           },\n                 'Reject_File' =>
'/usr/local/depot/PAPI/apache_1.3.37/icons/ball.gray.png',\n               
 'PADATH_LAA' => undef\n               }, 'PAPI::ApachePoA' );\n
[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16285_1170433996_local: Processing request: /manual
[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16285_1170433996_local: Main Processing request: /manual
[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16285_1170433996_local: Processing request: /manual
[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
PAPI-DEBUG#16285_1170433996_local: Main: Cookies received:\n Hcook=##, Lcook=##
[Fri Feb  2 16:33:17 2007] [warn] [client 165.239.30.149]
PAPI#16285_1170433996_local: Lcook is empty
[Fri Feb  2 16:33:17 2007] [notice] [client 165.239.30.149]
PAPI#16285_1170433996_local: Hcook is empty
[Fri Feb  2 16:33:17 2007] [warn] [client 165.239.30.149]
PAPI#16285_1170433996_local: Forbidden access to /manual
[



Many Thanks in advance for any help


krishan

ATOM RSS1 RSS2