PAPI Archives

The PAPI authentication and authorization framework

PAPI@LISTSERV.REDIRIS.ES

Subject:
From:
"Roberto S. G." <[log in to view]>
Reply To:
The PAPI authentication and authorization framework <[log in to view]>
Date:
Fri, 21 Jul 2006 11:54:55 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (445 lines)
Hello,
I am trying to configure PAPI with the AS and the PoA on the same server, 
acting as an authenticated proxy to an external domain...
The peculiarity of this case is that I am trying not to use the "bolitas" 
("little balls"), but to have the WAYF work instead, and to have the AS 
reachable by the user over https... although this https is provided by 
intermediate network equipment between the servers and the client, so I 
do not know whether it interferes at all that the PoA cannot query the AS 
over https (that port does not exist locally)...
    client ---https---> 443:(intermediate equipment) ---http---> 81:(server)
The thing is that I am not able to make it work... it continually 
redirects me to the login.html page when I try to access the domain 
managed by the PoA, even though it has previously told me that the 
authentication was correct (access.html).
If you can help me, I would appreciate it... I am sending all the 
information I have:

(One thing I have noticed is that the cookie set by the AS exists only 
for the AS server... I do not know whether that is correct, or whether I 
am missing something and it should be configured so that it reaches the 
PoA...)

Regards

-------------------------------------------------------
AuthServer.cf:

...
use PAPI::BasicAuth;
use PAPI::POPAuth;

my $authType = "pop";

$$cfg{authCookie} = 'PAPIuid,username';
$$cfg{authCookieDB} = '/usr/local/PAPI/AS/etc/PAPIAuthenCookies';
$$cfg{authCookieTimeToLive} = 3600;
$$cfg{asLocation} = 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer';
$$cfg{serverID} = 'UNILEON_PAPI_AS';
$$cfg{privateKey} = 'privkey.pem';

# Default values for the PoA(s)
#
$$cfg{defTimeToLive} = 1800;
$$cfg{defLocation} = '/';
$$cfg{defService}= 'UNILEON_PAPI_PoA_infoformacion';
$$cfg{defPoA} = 'http://piu.unileon.es/';
$$cfg{defDescription} = 'Sample PAPI PoA';
$$cfg{defAuthURI} = 'cookie_handler.cgi';
$$cfg{defAccessURI} = 'index.html';

# Hooks and hook config. By default, "basic" authentication is used
#
if ($authType eq "pop") {
   $$cfg{authenticationHook} = \&PAPI::POPAuth::POP3User;
   $$cfg{pop3Server} = "pop.unileon.es";
   $$cfg{pop3Method} = 'PASS';
   $$cfg{credentialHook} = \&PAPI::BasicAuth::DefCredentials;
   $$cfg{attrRequestHook} = \&PAPI::BasicAuth::DefAttributes;
   $$cfg{basicAuthDB} = "UNILEONsites.pdb";
...
-------------------------------------------------------
UNILEONsites.src -> pdimport -> UNILEONsites.pdb:

site::siteA::PoA para infoformacion::http://piu.unileon.es::cookie_handler.cgi::7200::UNILEON_PAPI_PoA_infoformacion::/

-------------------------------------------------------
httpd.conf:

...
#######
# PAPI
#######
<VirtualHost 193.146.96.3:80>
        ServerName papi.unileon.es
        RedirectMatch (.*) https://papi.unileon.es/cgi-bin/PAPI/AuthServer
</VirtualHost>
# client ---https---> 443:(intermediate equipment) ---http---> 81:(server)
<VirtualHost 193.146.96.3:81>
        ServerName papi.unileon.es
        ErrorDocument 404 https://papi.unileon.es/cgi-bin/PAPI/AuthServer
</VirtualHost>

include "./conf/papi.conf"

# PoA, PAPI
<VirtualHost 193.146.96.3:80>
        ServerName piu.unileon.es
        ErrorDocument 403 https://papi.unileon.es/cgi-bin/PAPI/AuthServer
        <Location />
                PerlSendHeader On
                PerlAccessHandler PAPI::Main
                <PAPI_Local>
                        Service_ID UNILEON_PAPI_PoA_infoformacion
                        Req_DB /usr/local/PAPI/PoA/req_proxy
                        GPoA_URL wayf:built-in
                        Domain unileon.es
                        Remote_URL http://piu.infoformacion.com/
                </PAPI_Local>
        </Location>
</VirtualHost>

-------------------------------------------------------
papi.conf:

#
# General PAPI configuration
#
PerlModule PAPI::Conf
<PAPI_Main>
        Service_ID UNILEON_PAPI_PoA_atropos
        HKEY_File /usr/local/PAPI/PoA/hkey
        LKEY_File /usr/local/PAPI/PoA/lkey
        Lcook_Timeout 86400
        CRC_Timeout 1800
        URL_Timeout 1800
        Debug 0
        Auth_Location cookie_handler.cgi
        # if the ''bolitas'' mechanism is used,
        # the following lines must be uncommented
        #Accept_File /usr/local/PAPI/PoA/yes.gif
        #Reject_File /usr/local/PAPI/PoA/no.gif
        Pubkeys_Path /usr/local/PAPI/PoA/KEYS
        Hcook_DB /usr/local/PAPI/PoA/hcook.db
        PAPI_AS UNILEON_PAPI_AS https://papi.unileon.es/cgi-bin/PAPI/AuthServer AS_de_unileon
</PAPI_Main>

-------------------------------------------------------
Apache error log:
 (keys removed ...)

[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI#8836_1153471783: Accept_File parameter is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Parameters initialized:$VAR1 = bless( {
    'RwUser' => undef,
    'Accept_File' => undef,
    'attrList' => [],
    'filters' => [],
    'NoXML' => undef,
    'PxCkSize' => undef,
    'ApacheRequest' => bless( do{\\(my $o = 1960344)}, 'Apache' ),
    'registerKey' => '',
    'HashUser' =>undef,
    'Hcook_Handler' => undef,
    'HcookGen' => undef,
    'PoARw' => [],
    'MxNonceErr' => undef,
    'URL_Timeout' => '1800',
    'SPOCPAct' => undef,
    'registerVal' => '',
    'SPOCPAcc' => undef,
    'formProc' => {},
    'Athens_uia' => undef,

    'Auth_Location' => 'cookie_handler.cgi',
    'Domain' => 'unileon.es',
    'PAPI::ApachePoA' => undef,
    'PADATH_HDD' => undef,
    'RewUrlPatterns' => [],
    'redirects' => [],
    'rawHcook' => '',
    'RewMimeTypes' => undef,
    'cookieRejects' => [],
    'GPoAHashUser' => undef,
    'SPOCPSrv' => undef,
    'CRC_Timeout' => '1800',
    'RejUrlPatterns' => [],
    'RwAll' => undef,
    'Athens_Key' => undef,
    'AttSep' => undef,
    'Loc' => '/',
    'AddressInToken' => undef,
    'Proxy' => undef,
    'MaxTtl' => undef,
    'Debug' => '1',
    'StripLocation' => undef,
    'HttpAuth' => [],
    'Req_DB' => '/usr/local/PAPI/PoA/req_proxy',
    'Hkey' => 'adddddddddddddddddddddddddddddd',
    'Athens_IID' => undef,
    'Remote_Dom' => undef,
    'Athens_TTL' => undef,
    'Serv' => 'UNILEON_PAPI_PoA_infoformacion',
    'Id' => '8836_1153471783',
    'GPoA_URL' => 'wayf:built-in',
    'Athens_AAP' => undef,
    'Lcook_Timeout' => '86400',
    'Lkey' => 'bddddddddddddddddddddddddddddddd',
    'Athens_psa' => undef,
    'PxIP' => undef,
    'EvalPx' => undef,
    'Pubkeys_Path' => '/usr/local/PAPI/PoA/KEYS',
    'ases' => {
    'UNILEON_PAPI_AS' => {
        'desc' => 'AS_de_unileon',
            'url' => 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer'
            }
    },
    'Remote_Serv' => 'http://piu.infoformacion.com/',
    'Reject_File' => undef,
    'PADATH_LAA' => undef,
    'ValSep' => undef,
    'Hcook_DB' => '/usr/local/PAPI/PoA/hcook.db',
    'GPoA_Priv_Key' => undef\n               }, 'PAPI::ApachePoA' );\n
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Processing request: /
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Main Processing request: /
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Processing request: /
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Main: Cookies received:\n Hcook=##, Lcook=##
[xxx xxx xx xx:xx:43 2006] [warn] [client yy.yy.yy.yy] 
PAPI#8836_1153471783: Lcook is empty
[xxx xxx xx xx:xx:43 2006] [notice] [client yy.yy.yy.yy] 
PAPI#8836_1153471783: Hcook is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI#8836_1153471783: Accept_File parameter is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Saving key=#11534717838836# req:$VAR1 = {
    'headers' => bless( {
                   'Accept'=> 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*',
                   'Accept-Encoding' => 'gzip, deflate',
                   'Accept-Language' => 'es',
                   'Connection' => 'Keep-Alive',
                   'Host' => 'piu.unileon.es',
                   'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)'
                 }, 'Apache::Table' ),
    'filename' => '/export/home/www/htdocs',
    'args' => undef,
    'method' => 'GET',
    'uri' => '/'
    };

[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: PAPI#RedirectGPoA# Redirecting to built-in 
WAYF: built-in
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI#8836_1153471783: Accept_File parameter is empty
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Parameters initialized:$VAR1 = bless( {
    'RwUser' => undef,
    'Accept_File' => undef,
    'attrList' => [],
    'filters' => [],
    'NoXML' => undef,
    'PxCkSize' => undef,
    'ApacheRequest' => bless( do{\\(my $o = 1960344)}, 'Apache' ),
    'registerKey' => ''
    'HashUser' =>undef,
    'Hcook_Handler' => undef,
    'HcookGen' => undef,
    'PoARw' => [],
    'MxNonceErr' => undef,
    'URL_Timeout' => '1800',
    'SPOCPAct' => undef,
    'registerVal' => '',
    'SPOCPAcc' => undef,
    'formProc' => {},
    'Athens_uia' => undef,

    'Auth_Location' => 'cookie_handler.cgi',
    'Domain' => 'unileon.es',
    'PAPI::ApachePoA' => undef,
    'PADATH_HDD' => undef,
    'RewUrlPatterns' => [],
    'redirects' => [],
    'rawHcook' => '',
    'RewMimeTypes' => undef,
    'cookieRejects' => [],
    'GPoAHashUser' => undef,
    'SPOCPSrv' => undef,
    'CRC_Timeout' => '1800',
    'RejUrlPatterns' => [],
    'RwAll' => undef,
    'Athens_Key' => undef,
    'AttSep' => undef,
    'Loc' => '/',
    'AddressInToken' => undef,
    'Proxy' => undef,
    'MaxTtl' => undef,
    'Debug' => '1',
    'StripLocation' => undef,
    'HttpAuth' => [],
    'Req_DB' => '/usr/local/PAPI/PoA/req_proxy',
    'Hkey' => 'addddddddddddddddddddddddddddddd',
    'Athens_IID' => undef,
    'Remote_Dom' => undef,
    'Athens_TTL' => undef,
    'Serv' => 'UNILEON_PAPI_PoA_infoformacion',
    'Id' => '8836_1153471783',
    'GPoA_URL' => 'wayf:built-in',
    'Athens_AAP' => undef,
    'Lcook_Timeout' => '86400',
    'Lkey' => 'bddddddddddddddddddddddddddddddd',
    'Athens_psa' => undef,
    'PxIP' => undef,
    'EvalPx' => undef,
    'Pubkeys_Path' => '/usr/local/PAPI/PoA/KEYS',
    'ases' => {
    'UNILEON_PAPI_AS' => {
        'desc' => 'AS_de_unileon',
            'url' => 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer'
            }
    },
    'Remote_Serv' => 'http://piu.infoformacion.com/',
    'Reject_File' => undef,
    'PADATH_LAA' => undef,
    'ValSep' => undef,
    'Hcook_DB' => '/usr/local/PAPI/PoA/hcook.db',
    'GPoA_Priv_Key' => undef
    }, 'PAPI::ApachePoA' );

[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Processing request: 
/cookie_handler.cgi/PAPIASRedirector
[xxx xxx xx xx:xx:43 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471783: Redirecting userback to AS for further 
validation: 
https://papi.unileon.es/cgi-bin/PAPI/AuthServer?ATTREQ=UNILEON_PAPI_PoA_infoformacion&PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy] 
PAPI#8836_1153471785: Accept_File parameter is empty
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471785: Parameters initialized:$VAR1 = bless( {
    'RwUser' => undef,
    'Accept_File' => undef,
    'attrList' => [],
    'filters' => [],
    'NoXML' => undef,
    'PxCkSize' => undef,
    'ApacheRequest' => bless( do{\\(my $o = 1960344)}, 'Apache' ),
    'registerKey' => '',
    'HashUser' => undef,
    'Hcook_Handler' => undef,
    'HcookGen' => undef,
    'PoARw' => [],
    'MxNonceErr' => undef,
    'URL_Timeout' => '1800',
    'SPOCPAct' => undef,
    'registerVal' => '',
    'SPOCPAcc' => undef,
    'formProc' => {},
    'Athens_uia' => undef,

    'Auth_Location' => 'cookie_handler.cgi',
    'Domain' => 'unileon.es',
    'PAPI::ApachePoA' => undef,
    'PADATH_HDD' => undef,
    'RewUrlPatterns' => [],
    'redirects' => [],
    'rawHcook' => '',
    'RewMimeTypes' => undef,
    'cookieRejects' => [],
    'GPoAHashUser' => undef,
    'SPOCPSrv' => undef,
    'CRC_Timeout' => '1800',
    'RejUrlPatterns' => [],
    'RwAll' => undef,
    'Athens_Key' => undef,
    'AttSep' => undef,
    'Loc' => '/',
    'AddressInToken' => undef,
    'Proxy' => undef,
    'MaxTtl' => undef,
    'Debug' => '1',
    'StripLocation' => undef,
    'HttpAuth' => [],
    'Req_DB' => '/usr/local/PAPI/PoA/req_proxy',
    'Hkey' => 'addddddddddddddddddddddddddddddd',
    'Athens_IID' => undef,
    'Remote_Dom' => undef,
    'Athens_TTL' => undef,
    'Serv' => 'UNILEON_PAPI_PoA_infoformacion',
    'Id' => '8836_1153471785',
    'GPoA_URL' => 'wayf:built-in',
    'Athens_AAP' => undef,
    'Lcook_Timeout' => '86400',
    'Lkey' => 'bddddddddddddddddddddddddddddddd',
    'Athens_psa' => undef,
    'PxIP' => undef,
    'EvalPx' => undef,
    'Pubkeys_Path' => '/usr/local/PAPI/PoA/KEYS',
    'ases' => {
    'UNILEON_PAPI_AS' => {
        'desc' => 'AS_de_unileon',
            'url' => 'https://papi.unileon.es/cgi-bin/PAPI/AuthServer'
            }
    },
    'Remote_Serv' => 'http://piu.infoformacion.com/',
    'Reject_File' => undef,
    'PADATH_LAA' => undef,
    'ValSep' => undef,
    'Hcook_DB' => '/usr/local/PAPI/PoA/hcook.db',
    'GPoA_Priv_Key' => undef
    }, 'PAPI::ApachePoA' );

[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471785: Processing request: /
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471785: Main Processing request: /
[xxx xxx xx xx:xx:45 2006] [error] [client yy.yy.yy.yy] 
PAPI-DEBUG#8836_1153471785: Decrypted GPoA_URL: ERROR:0:0:11534717838836
[xxx xxx xx xx:xx:45 2006] [warn] [client yy.yy.yy.yy] 
PAPI#8836_1153471785: Authentication ERROR received from GPoA wayf:built-in
[xxx xxx xx xx:xx:45 2006] [warn] [client yy.yy.yy.yy] 
PAPI#8836_1153471785: Invalid GPoA/AS Answer for /

-------------------------------------------------------
Apache access log:

yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:43 +0200] "GET / HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:43 +0200] "GET /cookie_handler.cgi/PAPIASRedirector?PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F&ASID=UNILEON_PAPI_AS HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:45 +0200] "GET 
/cgi-bin/PAPI/AuthServer?ATTREQ=UNILEON_PAPI_PoA_infoformacion&PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F 
HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:45 +0200] "GET 
/?ACTION=CHECKED&AS=UNILEON_PAPI_AS&DATA=KeD01ggG%2FwIhrCbbfUhvyEYnOxmySGfrIVuKDKWkgO%2FkfAa3ZSTn%2FHBKh29pom5ofmBHcxPyQ2f5GfFzNRH6soe0hxTRAT1fDXKF9mgAWhwnfGwqDIjKzWclVF%2BTvLZYRltBo1zFcrTkHrTvEoMu0nqRdLTRaoo%2B12lkkzc61YQ%3D 
HTTP/1.1" 302 310
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:46 +0200] "GET 
/cgi-bin/PAPI/AuthServer HTTP/1.1" 200 131


-- 
Servicio de Informática y Comunicaciones
Vicerrectorado de Innovación Tecnológica
Universidad de León
León, España
Tlf.: +34 987 291305
[log in to view]
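
A triage sketch for the two logs above, added here as an example; it is not part of the original message and not PAPI code. It rebuilds the redirect chain from the access log and matches the PAPIPOAREF value against the decrypted answer in the error log. The step labels, the function names and the reading of the last field of the "Decrypted GPoA_URL" value as the request reference are assumptions taken from the lines shown in the message.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: access-log entries from the message, DATA value replaced.
ACCESS_LOG = '''\
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:43 +0200] "GET / HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:43 +0200] "GET /cookie_handler.cgi/PAPIASRedirector?PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F&ASID=UNILEON_PAPI_AS HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:45 +0200] "GET /cgi-bin/PAPI/AuthServer?ATTREQ=UNILEON_PAPI_PoA_infoformacion&PAPIPOAREF=11534717838836&PAPIPOAURL=http%3A%2F%2Fpiu%2Eunileon%2Ees%2F HTTP/1.1" 302 5
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:45 +0200] "GET /?ACTION=CHECKED&AS=UNILEON_PAPI_AS&DATA=PLACEHOLDER HTTP/1.1" 302 310
yy.yy.yy.yy - - [xx/xxx/2006:xx:xx:46 +0200] "GET /cgi-bin/PAPI/AuthServer HTTP/1.1" 200 131
'''
# Constructed sample: error-log messages from the message, Apache prefix dropped.
ERROR_LOG = '''\
PAPI-DEBUG#8836_1153471785: Decrypted GPoA_URL: ERROR:0:0:11534717838836
PAPI#8836_1153471785: Authentication ERROR received from GPoA wayf:built-in
'''

REQ = re.compile(r'"GET (\S+) HTTP/[\d.]+" (\d{3})')
ANSWER = re.compile(r'Decrypted GPoA_URL: (\w+):\S*:(\d+)$', re.M)

def redirect_chain(access_log):
    """Return (step label, HTTP status, PAPIPOAREF or None) per request."""
    chain = []
    for path, status in REQ.findall(access_log):
        url = urlsplit(path)
        q = parse_qs(url.query)
        if url.path.endswith("/PAPIASRedirector"):
            step = "poa->as"          # PoA sends the browser to the AS
        elif "ATTREQ" in q:
            step = "as-attreq"        # AS receives the attribute request
        elif q.get("ACTION") == ["CHECKED"]:
            step = "as->poa-answer"   # browser returns with the AS answer
        elif url.path.endswith("/AuthServer"):
            step = "as-login"         # bare AS URL: the login page
        else:
            step = "poa-request"
        chain.append((step, int(status), q.get("PAPIPOAREF", [None])[0]))
    return chain

def rejected_refs(error_log):
    """References whose decrypted answer starts with ERROR."""
    return [ref for verdict, ref in ANSWER.findall(error_log) if verdict == "ERROR"]

def diagnose(access_log, error_log):
    chain = redirect_chain(access_log)
    failed = {ref for _, _, ref in chain if ref} & set(rejected_refs(error_log))
    back_to_login = [s for s, _, _ in chain][-2:] == ["as->poa-answer", "as-login"]
    return {"failed_refs": sorted(failed), "back_to_login": back_to_login}
```

On the sample lines, `diagnose(ACCESS_LOG, ERROR_LOG)` reports that the reference sent to the AS came back in an ERROR answer and that the next request went to the bare AuthServer URL.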
