Hello,
I'm trying to configure PAPI with the AS and the PoA on the same server,
doing authenticated proxying to an external domain...
The peculiarity of this case is that I'm trying not to use "bolitas"
("little balls"), but rather to have the WAYF work, and to have the AS
accessible to the user over https...
although this https is provided by intermediate network equipment between
the servers and the client, so I don't know whether the fact that
the PoA cannot query the AS over https (that port does not exist
locally) will interfere in any way...
client ---https---> 443:(intermediate network equipment) ---http---> 81:(server)
The thing is that I can't get it to work... it keeps redirecting me
to the login.html page when I try to access the
domain that the PoA manages, even though it has previously told me that
authentication was successful (access.html).
If you can help me, I'd appreciate it... I'm sending all the info I have:
(one thing I've noticed is that the cookie set by the AS exists only
for the AS server... I don't know whether that is correct, or whether I'm
missing something and it should be configured to reach the PoA...)
Regards
-------------------------------------------------------
AuthServer.cf:
...
use PAPI::BasicAuth;
use PAPI::POPAuth;
my $authType = "pop";
$$cfg{authCookie} = 'PAPIuid,username';
$$cfg{authCookieDB} = '/usr/local/PAPI/AS/etc/PAPIAuthenCookies';
$$cfg{authCookieTimeToLive} = 3600;
$$cfg{asLocation} = 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer';
$$cfg{serverID} = 'UNILEON_PAPI_AS';
$$cfg{privateKey} = 'privkey.pem';
# Default values for the PoA(s)
#
$$cfg{defTimeToLive} = 1800;
$$cfg{defLocation} = '/';
$$cfg{defService}= 'UNILEON_PAPI_PoA_infoformacion';
$$cfg{defPoA} = 'http://piu.unileon.es/';
$$cfg{defDescription} = 'Sample PAPI PoA';
$$cfg{defAuthURI} = 'cookie_handler.cgi';
$$cfg{defAccessURI} = 'index.html';
# Hooks and hook config. By default, "basic" authentication is used
#
if ($authType eq "pop") {
$$cfg{authenticationHook} = \&PAPI::POPAuth::POP3User;
$$cfg{pop3Server} = "pop.unileon.es";
$$cfg{pop3Method} = 'PASS';
$$cfg{credentialHook} = \&PAPI::BasicAuth::DefCredentials;
$$cfg{attrRequestHook} = \&PAPI::BasicAuth::DefAttributes;
$$cfg{basicAuthDB} = "UNILEONsites.pdb";
...
-------------------------------------------------------
UNILEONsites.src -> pdimport -> UNILEONsites.pdb:
site::siteA::PoA para infoformacion::http://piu.unileon.es::cookie_handler.cgi::7200::UNILEON_PAPI_PoA_infoformacion::/
-------------------------------------------------------
httpd.conf:
...
#######
# PAPI
#######
<VirtualHost 193.146.96.3:80>
ServerName papi.unileon.es
RedirectMatch (.*) https://papi.unileon.es/cgi-bin/PAPI/AuthServer
</VirtualHost>
# client ---https---> 443:(intermediate network equipment) ---http---> 81:(server)
<VirtualHost 193.146.96.3:81>
ServerName papi.unileon.es
ErrorDocument 404 https://papi.unileon.es/cgi-bin/PAPI/AuthServer
</VirtualHost>
include "./conf/papi.conf"
# PoA, PAPI
<VirtualHost 193.146.96.3:80>
ServerName piu.unileon.es
ErrorDocument 403 https://papi.unileon.es/cgi-bin/PAPI/AuthServer
<Location />
PerlSendHeader On
PerlAccessHandler PAPI::Main
<PAPI_Local>
Service_ID UNILEON_PAPI_PoA_infoformacion
Req_DB /usr/local/PAPI/PoA/req_proxy
GPoA_URL wayf:built-in
Domain unileon.es
Remote_URL http://piu.infoformacion.com/
</PAPI_Local>
</Location>
</VirtualHost>
-------------------------------------------------------
papi.conf:
#
# General PAPI configuration
#
PerlModule PAPI::Conf
<PAPI_Main>
Service_ID UNILEON_PAPI_PoA_atropos
HKEY_File /usr/local/PAPI/PoA/hkey
LKEY_File /usr/local/PAPI/PoA/lkey
Lcook_Timeout 86400
CRC_Timeout 1800
URL_Timeout 1800
Debug 0
Auth_Location cookie_handler.cgi
# if the ''bolitas'' mechanism is used,
# the following lines must be uncommented
#Accept_File /usr/local/PAPI/PoA/yes.gif
#Reject_File /usr/local/PAPI/PoA/no.gif
Pubkeys_Path /usr/local/PAPI/PoA/KEYS
Hcook_DB /usr/local/PAPI/PoA/hcook.db
PAPI_AS UNILEON_PAPI_AS https://papi.unileon.es/cgi-bin/PAPI/AuthServer AS_de_unileon
</PAPI_Main>
-------------------------------------------------------
apache error log:
(keys removed ...)
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI#8836_1153471783: Accept_File parameter is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Parameters initialized:$VAR1 = bless( {
'RwUser' => undef,
'Accept_File' => undef,
'attrList' => [],
'filters' => [],
'NoXML' => undef,
'PxCkSize' => undef,
'ApacheRequest' => bless( do{\\(my $o = 1960344)}, 'Apache' ),
'registerKey' => '',
'HashUser' =>undef,
'Hcook_Handler' => undef,
'HcookGen' => undef,
'PoARw' => [],
'MxNonceErr' => undef,
'URL_Timeout' => '1800',
'SPOCPAct' => undef,
'registerVal' => '',
'SPOCPAcc' => undef,
'formProc' => {},
'Athens_uia' => undef,
'Auth_Location' => 'cookie_handler.cgi',
'Domain' => 'unileon.es',
'PAPI::ApachePoA' => undef,
'PADATH_HDD' => undef,
'RewUrlPatterns' => [],
'redirects' => [],
'rawHcook' => '',
'RewMimeTypes' => undef,
'cookieRejects' => [],
'GPoAHashUser' => undef,
'SPOCPSrv' => undef,
'CRC_Timeout' => '1800',
'RejUrlPatterns' => [],
'RwAll' => undef,
'Athens_Key' => undef,
'AttSep' => undef,
'Loc' => '/',
'AddressInToken' => undef,
'Proxy' => undef,
'MaxTtl' => undef,
'Debug' => '1',
'StripLocation' => undef,
'HttpAuth' => [],
'Req_DB' => '/usr/local/PAPI/PoA/req_proxy',
'Hkey' => 'adddddddddddddddddddddddddddddd',
'Athens_IID' => undef,
'Remote_Dom' => undef,
'Athens_TTL' => undef,
'Serv' => 'UNILEON_PAPI_PoA_infoformacion',
'Id' => '8836_1153471783',
'GPoA_URL' => 'wayf:built-in',
'Athens_AAP' => undef,
'Lcook_Timeout' => '86400',
'Lkey' => 'bddddddddddddddddddddddddddddddd',
'Athens_psa' => undef,
'PxIP' => undef,
'EvalPx' => undef,
'Pubkeys_Path' => '/usr/local/PAPI/PoA/KEYS',
'ases' => {
'UNILEON_PAPI_AS' => {
'desc' => 'AS_de_unileon',
'url' => 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer'
}
},
'Remote_Serv' => 'http://piu.infoformacion.com/',
'Reject_File' => undef,
'PADATH_LAA' => undef,
'ValSep' => undef,
'Hcook_DB' => '/usr/local/PAPI/PoA/hcook.db',
'GPoA_Priv_Key' => undef
}, 'PAPI::ApachePoA' );
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Processing request: /
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Main Processing request: /
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Processing request: /
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Main: Cookies received:\n Hcook=##, Lcook=##
[xxx xxx xx xx:xx:43 2006] [warn] [client yy.yy.yy.yy]
PAPI#8836_1153471783: Lcook is empty
[xxx xxx xx xx:xx:43 2006] [notice] [client yy.yy.yy.yy]
PAPI#8836_1153471783: Hcook is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI#8836_1153471783: Accept_File parameter is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Saving key=#11534717838836# req:$VAR1 = {
'headers' => bless( {
'Accept'=> 'image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash, */*',
'Accept-Encoding' => 'gzip, deflate',
'Accept-Language' => 'es',
'Connection' => 'Keep-Alive',
'Host' => 'piu.unileon.es',
'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1)'
}, 'Apache::Table' ),
'filename' => '/export/home/www/htdocs',
'args' => undef,
'method' => 'GET',
'uri' => '/'
};
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: PAPI#RedirectGPoA# Redirecting to built-in
WAYF: built-in
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI#8836_1153471783: Accept_File parameter is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Parameters initialized:$VAR1 = bless( {
'RwUser' => undef,
'Accept_File' => undef,
'attrList' => [],
'filters' => [],
'NoXML' => undef,
'PxCkSize' => undef,
'ApacheRequest' => bless( do{\\(my $o = 1960344)}, 'Apache' ),
'registerKey' => '',
'HashUser' =>undef,
'Hcook_Handler' => undef,
'HcookGen' => undef,
'PoARw' => [],
'MxNonceErr' => undef,
'URL_Timeout' => '1800',
'SPOCPAct' => undef,
'registerVal' => '',
'SPOCPAcc' => undef,
'formProc' => {},
'Athens_uia' => undef,
'Auth_Location' => 'cookie_handler.cgi',
'Domain' => 'unileon.es',
'PAPI::ApachePoA' => undef,
'PADATH_HDD' => undef,
'RewUrlPatterns' => [],
'redirects' => [],
'rawHcook' => '',
'RewMimeTypes' => undef,
'cookieRejects' => [],
'GPoAHashUser' => undef,
'SPOCPSrv' => undef,
'CRC_Timeout' => '1800',
'RejUrlPatterns' => [],
'RwAll' => undef,
'Athens_Key' => undef,
'AttSep' => undef,
'Loc' => '/',
'AddressInToken' => undef,
'Proxy' => undef,
'MaxTtl' => undef,
'Debug' => '1',
'StripLocation' => undef,
'HttpAuth' => [],
'Req_DB' => '/usr/local/PAPI/PoA/req_proxy',
'Hkey' => 'addddddddddddddddddddddddddddddd',
'Athens_IID' => undef,
'Remote_Dom' => undef,
'Athens_TTL' => undef,
'Serv' => 'UNILEON_PAPI_PoA_infoformacion',
'Id' => '8836_1153471783',
'GPoA_URL' => 'wayf:built-in',
'Athens_AAP' => undef,
'Lcook_Timeout' => '86400',
'Lkey' => 'bddddddddddddddddddddddddddddddd',
'Athens_psa' => undef,
'PxIP' => undef,
'EvalPx' => undef,
'Pubkeys_Path' => '/usr/local/PAPI/PoA/KEYS',
'ases' => {
'UNILEON_PAPI_AS' => {
'desc' => 'AS_de_unileon',
'url' => 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer'
}
},
'Remote_Serv' => 'http://piu.infoformacion.com/',
'Reject_File' => undef,
'PADATH_LAA' => undef,
'ValSep' => undef,
'Hcook_DB' => '/usr/local/PAPI/PoA/hcook.db',
'GPoA_Priv_Key' => undef
}, 'PAPI::ApachePoA' );
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Processing request:
/cookie_handler.cgi/PAPIASRedirector
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471783: Redirecting userback to AS for further
validation:
https://papi.unileon.es/cgi-bin/PAPI/AuthServer?ATTREQ=UNILEON_PAPI_PoA_infoformacion&PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy]
PAPI#8836_1153471785: Accept_File parameter is empty
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471785: Parameters initialized:$VAR1 = bless( {
'RwUser' => undef,
'Accept_File' => undef,
'attrList' => [],
'filters' => [],
'NoXML' => undef,
'PxCkSize' => undef,
'ApacheRequest' => bless( do{\\(my $o = 1960344)}, 'Apache' ),
'registerKey' => '',
'HashUser' => undef,
'Hcook_Handler' => undef,
'HcookGen' => undef,
'PoARw' => [],
'MxNonceErr' => undef,
'URL_Timeout' => '1800',
'SPOCPAct' => undef,
'registerVal' => '',
'SPOCPAcc' => undef,
'formProc' => {},
'Athens_uia' => undef,
'Auth_Location' => 'cookie_handler.cgi',
'Domain' => 'unileon.es',
'PAPI::ApachePoA' => undef,
'PADATH_HDD' => undef,
'RewUrlPatterns' => [],
'redirects' => [],
'rawHcook' => '',
'RewMimeTypes' => undef,
'cookieRejects' => [],
'GPoAHashUser' => undef,
'SPOCPSrv' => undef,
'CRC_Timeout' => '1800',
'RejUrlPatterns' => [],
'RwAll' => undef,
'Athens_Key' => undef,
'AttSep' => undef,
'Loc' => '/',
'AddressInToken' => undef,
'Proxy' => undef,
'MaxTtl' => undef,
'Debug' => '1',
'StripLocation' => undef,
'HttpAuth' => [],
'Req_DB' => '/usr/local/PAPI/PoA/req_proxy',
'Hkey' => 'addddddddddddddddddddddddddddddd',
'Athens_IID' => undef,
'Remote_Dom' => undef,
'Athens_TTL' => undef,
'Serv' => 'UNILEON_PAPI_PoA_infoformacion',
'Id' => '8836_1153471785',
'GPoA_URL' => 'wayf:built-in',
'Athens_AAP' => undef,
'Lcook_Timeout' => '86400',
'Lkey' => 'bddddddddddddddddddddddddddddddd',
'Athens_psa' => undef,
'PxIP' => undef,
'EvalPx' => undef,
'Pubkeys_Path' => '/usr/local/PAPI/PoA/KEYS',
'ases' => {
'UNILEON_PAPI_AS' => {
'desc' => 'AS_de_unileon',
'url' => 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer'
}
},
'Remote_Serv' => 'http://piu.infoformacion.com/',
'Reject_File' => undef,
'PADATH_LAA' => undef,
'ValSep' => undef,
'Hcook_DB' => '/usr/local/PAPI/PoA/hcook.db',
'GPoA_Priv_Key' => undef
}, 'PAPI::ApachePoA' );
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471785: Processing request: /
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471785: Main Processing request: /
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy]
PAPI-DEBUG#8836_1153471785: Decrypted GPoA_URL: ERROR:0:0:11534717838836
[xxx xxx xx xx:xx:45 2006] [warn] [client yy.yy.yy.yy]
PAPI#8836_1153471785: Authentication ERROR received from GPoA wayf:built-in
[xxx xxx xx xx:xx:45 2006] [warn] [client yy.yy.yy.yy]
PAPI#8836_1153471785: Invalid GPoA/AS Answer for /
-------------------------------------------------------
apache access log:
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:43 +0200] "GET / HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:43 +0200] "GET
/cookie_handler.cgi/PAPIASRedirector?PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F&ASID=UNILEON_PAPI_AS
HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:45 +0200] "GET
/cgi-bin/PAPI/AuthServer?ATTREQ=UNILEON_PAPI_PoA_infoformacion&PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F
HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:45 +0200] "GET
/?ACTION=CHECKED&AS=UNILEON_PAPI_AS&DATA=KeD01ggG%2FwIhrCbbfUhvyEYnOxmySGfrIVuKDKWkgO%2FkfAa3ZSTn%2FHBKh29pom5ofmBHcxPyQ2f5GfFzNRH6soe0hxTRAT1fDXKF9mgAWhwnfGwqDIjKzWclVF%2BTvLZYRltBo1zFcrTkHrTvEoMu0nqRdLTRaoo%2B12lkkzc61YQ%3D
HTTP/1.1" 302 310
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:46 +0200] "GET
/cgi-bin/PAPI/AuthServer HTTP/1.1" 200 131
--
Servicio de Informática y Comunicaciones
Vicerrectorado de Innovación Tecnológica
Universidad de León
León, Spain
Tel.: +34 987 291305
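
Added example (not part of the original message, and not PAPI code): a Python sketch that correlates the redirect chain in the access log with the PoA's error log by PAPIPOAREF, to show at which hop the exchange breaks. The sample lines are constructed in the formats shown above; the step names and function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample logs in the formats shown above; IP, timestamps and DATA are placeholders.
ACCESS_LOG = """\
192.0.2.10 - - [01/Jan/2006:10:00:43 +0200] "GET / HTTP/1.1" 302 5
192.0.2.10 - - [01/Jan/2006:10:00:43 +0200] "GET /cookie_handler.cgi/PAPIASRedirector?PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F&ASID=UNILEON_PAPI_AS HTTP/1.1" 302 5
192.0.2.10 - - [01/Jan/2006:10:00:45 +0200] "GET /cgi-bin/PAPI/AuthServer?ATTREQ=UNILEON_PAPI_PoA_infoformacion&PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F HTTP/1.1" 302 5
192.0.2.10 - - [01/Jan/2006:10:00:45 +0200] "GET /?ACTION=CHECKED&AS=UNILEON_PAPI_AS&DATA=PLACEHOLDER HTTP/1.1" 302 310
192.0.2.10 - - [01/Jan/2006:10:00:46 +0200] "GET /cgi-bin/PAPI/AuthServer HTTP/1.1" 200 131
"""
ERROR_LOG = """\
[Sun Jan 01 10:00:45 2006] [error] [client 192.0.2.10] PAPI-DEBUG#8836_1153471785: Decrypted GPoA_URL: ERROR:0:0:11534717838836
[Sun Jan 01 10:00:45 2006] [warn] [client 192.0.2.10] PAPI#8836_1153471785: Authentication ERROR received from GPoA wayf:built-in
"""

REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
DECRYPTED = re.compile(r"Decrypted GPoA_URL: (?P<answer>\S+)")

def classify(path, query):
    if "PAPIASRedirector" in path:
        return "poa-redirector"
    if path.endswith("/AuthServer"):
        return "as-attreq" if "ATTREQ" in query else "as-login"
    return "poa-checked" if query.get("ACTION") == ["CHECKED"] else "poa-request"

def redirect_chain(access_log):
    """Return [(step, status, PAPIPOAREF or None)], one entry per logged request."""
    chain = []
    for m in REQ.finditer(access_log):
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        step = classify(url.path, query)
        chain.append((step, int(m["status"]), query.get("PAPIPOAREF", [None])[0]))
    return chain

def rejected_refs(error_log):
    """References for which the PoA decrypted an answer beginning with ERROR."""
    # Assumption: the last ':'-separated field is the PAPIPOAREF, as it is in the log above.
    answers = (m["answer"].split(":") for m in DECRYPTED.finditer(error_log))
    return {a[-1] for a in answers if a[0] == "ERROR"}

def diagnose(access_log, error_log):
    chain = redirect_chain(access_log)
    steps = [step for step, _, _ in chain]
    refs = {ref for _, _, ref in chain if ref}
    return {"as_answered": "poa-checked" in steps,
            "rejected_refs": sorted(refs & rejected_refs(error_log)),
            "back_at_login": steps[-1:] == ["as-login"]}
```

On input like the log above, the result shows the AS answering with ACTION=CHECKED while the PoA logs an ERROR answer for the same reference and the browser ends up back at the AS.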