PAPI Archivos

The PAPI authentication and authorization framework

PAPI@LISTSERV.REDIRIS.ES

Opciones: Vista Forum

Use Monospaced Font
Por defecto enseñar Text Part
Mostrar todas las cabeceras de correo

Mensaje: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Tema: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Autor: [<< Primero] [< Prev] [Siguiente >] [Último >>]

Print Responder
Subject:
Emisor:
Romain Dupre <[log in para visualizar]>
Reply To:
The PAPI authentication and authorization framework <[log in para visualizar]>
Fecha:
Mon, 3 Apr 2006 17:06:55 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (222 lines)
Hi,

i'm back with my problems.

So this time i'm testing php_poa but i can't find where i make a mistake.
I have two apache servers (1.3.34) running on the same computer; one is 
listening on the port 80 (it hosts the AS and the php page to protect) and 
the other one is listening on the port 8080 (it hosts the GPoA).

The phpPoA.ini file : 

[PAPI_Main]
Lcook_Timeout = 86400
Request_DB = /usr/local/PAPI/request_db.db4
DB_Type = db4
error_log = /etc/httpd/logs/papi_error.log
Not_Auth_Error_File = http://papi.tpm.fr/PoA/NotAuthorized.html
Cookie_Error_File = http://papi.tpm.fr/PoA/CookieError.html
System_Error_File = http://papi.tpm.fr/PoA/SystemError.html
PAPI_Filter_accept = ".*"
PAPI_Filter_reject = ""
; Cookie_Domain is Optional
Cookie_Domain = papi.tpm.fr
LKEY_File = /usr/local/PAPI/lkey
GPoA_Pub_Key = /usr/local/PAPI/GPoA_pubkey.pem
GPoA_URL = http://papi.tpm.fr:8080/GPoA/gpoa/cookie_handler.cgi


[php_protect]
Location = /php_protect

_________________________________________________________________________


That's what i added in the GPoA apache httpd.conf :

<PAPI_Main>
  HKEY_File /usr/local/PAPI/GPoA_Hcook.key
  LKEY_File /usr/local/PAPI/GPoA_Lcook.key
  Hcook_DB /usr/local/PAPI/GPoA_hcook.db
  PAPI_AS Romain_AS http://papi.tpm.fr/cgi-bin/AuthServer My_AS
  Service_ID Romain_GPoA
  Domain papi.tpm.fr
  Pubkeys_Path /usr/local/PAPI
  Lcook_Timeout 60
  CRC_Timeout 30
  URL_Timeout 200
  Accept_File /etc/httpd/htdocs/access_granted.jpg
  Reject_File /etc/httpd/htdocs/access_denied.jpg
  Auth_Location /gpoa/cookie_handler.cgi
  Debug 1
</PAPI_Main>

<IfModule mod_alias.c>

Alias /GPoA /usr/local/as/htdocs/GPoA

<Directory "/usr/local/as/htdocs/GPoA">
        Options Indexes FollowSymlinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>


<Location /GPoA>
    PerlSendHeader On
    PerlAccessHandler PAPI::Main
    <PAPI_Local>
       Service_ID Romain_GPoA
       GPoA_Priv_Key /usr/local/PAPI/gpoaKey.pem
    </PAPI_Local>
 </Location>

</IfModule>

________________________________________________________________________

I am using ldap :

# tpm.fr
dn: dc=tpm,dc=fr
objectClass: domain
dc: racine

# group, tpm.fr
dn: cn=group,dc=tpm,dc=fr
objectClass: papiGroup
papiGroupId: 1

# rdupre, tpm.fr
dn: cn=rdupre,dc=tpm,dc=fr
objectClass: papiUser
papiGroupId: 1
papiSiteId: 2
uid: rdupre
userPassword:: e01ENX1mSzlML1FQelZHRlJSK1VKZ1o1SWlnPT0=

# php_protect, tpm.fr
dn: cn=php_protect,dc=tpm,dc=fr
objectClass: papiSite
papiSiteId: 2
papiSiteTtl: 180
papiSiteService: php_protect
papiSitePoA: http://papi.tpm.fr
papiSiteLocation: /php_protect
papiSiteAccess: /sample_auto.php
papiSiteAuth: /gpoa/cookie_handler.cgi
papiSiteAcceptURL: http://papi.tpm.fr/access_granted.jpg
papiSiteRejectURL: http://papi.tpm.fr/access_denied.jpg
description: protected_php

__________________________________________________________________________

That is what i get in the GPoA apache error_log:


[Mon Apr  3 16:40:43 2006] [error] [client 10.6.1.40] PAPI-
DEBUG#10350_1144075243_Romain_GPoA: Parameters initialized:$VAR1 = bless( 
{\n                 'RwUser' => undef,\n                 'attrList' => 
[],\n                 'filters' => [],\n                 'PxCkSize' => 
320768,\n                 'ApacheRequest' => bless( do{\\(my $o = 
135972180)}, 'Apache' ),\n                 'Hcook_Handler' => 
undef,\n                 'SPOCPAct' 
=> 'accept',\n                 'registerVal' 
=> '',\n                 'SPOCPAcc' => 0,\n                 'formProc' => 
{},\n                 'Athens_uia' => undef,\n                 'Domain' 
=> 'papi.tpm.fr',\n                 'PADATH_HDD' => 
undef,\n                 'RewUrlPatterns' => 
[],\n                 'redirects' => [],\n                 'RewMimeTypes' 
=> undef,\n                 'cookieRejects' => 
[],\n                 'RwAll' => undef,\n                 'AttSep' => 
undef,\n                 'Loc' => '/GPoA',\n                 'MaxTtl' => 
undef,\n                 'HttpAuth' => [],\n                 'Req_DB' => 
undef,\n                 'Hkey' 
=> 'd41d8cd98f00b204e9800998ecf8427e',\n                 'Remote_Dom' => 
undef,\n                 'Serv' => 'Romain_GPoA',\n                 'Id' 
=> '10350_1144075243_Romain_GPoA',\n                 'Athens_AAP' => 
undef,\n                 'Lkey' 
=> '3dcfcb769163c70d37e5134ec461bccd',\n                 'Athens_psa' => 
undef,\n                 'EvalPx' => 
undef,\n                 'Pubkeys_Path' 
=> '/usr/local/PAPI',\n                 'Remote_Serv' => 
undef,\n                 'ValSep' => undef,\n                 'Hcook_DB' 
=> '/usr/local/PAPI/GPoA_hcook.db',\n                 'GPoA_Priv_Key' 
=> '/usr/local/PAPI/gpoaKey.pem',\n                 'Accept_File' 
=> '/etc/httpd/htdocs/access_granted.jpg',\n                 'NoXML' => 
undef,\n                 'HashUser' => 
undef,\n                 'registerKey' => '',\n                 'HcookGen' 
=> undef,\n                 'URL_Timeout' 
=> '200',\n                 'MxNonceErr' => 3,\n                 'PoARw' 
=> [],\n                 'Auth_Location' 
=> '/gpoa/cookie_handler.cgi',\n                 'PAPI::ApachePoA' => 
undef,\n                 'rawHcook' 
=> '',\n                 'GPoAHashUser' => 
undef,\n                 'SPOCPSrv' => 
undef,\n                 'CRC_Timeout' 
=> '30',\n                 'RejUrlPatterns' => 
[],\n                 'Athens_Key' => undef,\n                 'Proxy' => 
undef,\n                 'AddressInToken' => 
undef,\n                 'StripLocation' => 
undef,\n                 'Debug' => '1',\n                 'Athens_IID' => 
undef,\n                 'Athens_TTL' => 
undef,\n                 'GPoA_URL' => 
undef,\n                 'Lcook_Timeout' => '60',\n                 'PxIP' 
=> undef,\n                 'ases' => 
{\n                             'Romain_AS' => 
{\n                                              'desc' 
=> 'My_AS',\n                                              'url' 
=> 'http://papi.tpm.fr/cgi-
bin/AuthServer'\n                                            }
\n                           },\n                 'Reject_File' 
=> '/etc/httpd/htdocs/access_denied.jpg',\n                 'PADATH_LAA' 
=> undef\n               }, 'PAPI::ApachePoA' );\n
[Mon Apr  3 16:40:43 2006] [error] [client 10.6.1.40] PAPI-
DEBUG#10350_1144075243_Romain_GPoA: Processing 
request: /GPoA/gpoa/cookie_handler.cgi
[Mon Apr  3 16:40:43 2006] [warn] [client 10.6.1.40] 
PAPI#10350_1144075243_Romain_GPoA: Lcook is empty
[Mon Apr  3 16:40:43 2006] [notice] [client 10.6.1.40] 
PAPI#10350_1144075243_Romain_GPoA: Hcook is empty
[Mon Apr  3 16:40:43 2006] [warn] [client 10.6.1.40] 
PAPI#10350_1144075243_Romain_GPoA: Error testing authZ tokens at GPoA for 
http:/papi.tpm.fr:80/php_protect/sample_auto.php
[Mon Apr  3 16:40:43 2006] [error] [client 10.6.1.40] File does not 
exist: /usr/local/as/htdocs/papi.tpm.fr:80/php_protect/sample_auto.php

_________________________________________________________________________

Here is the AS/web hosting apache error log : 

[Mon Apr  3 16:40:39 2006] [error] [client 10.6.1.40] File does not 
exist: /etc/httpd/htdocs/php_protect/gpoa/cookie_handler.cgi

_________________________________________________________________________

And finaly the AS log : 

2006 Apr  3 16:40:39 PAPI::AuthServer[10578]: Host: 10.6.1.40. Assertion 
rdupre for http://papi.tpm.fr/php_protect/gpoa/cookie_handler.cgi 
generated. Userid: rdupre
2006 Apr  3 16:40:39 PAPI::AuthServer[10578]: Host: 10.6.1.40. User: 
rdupre. Operation LOGIN accepted. Userid: rdupre




The authentication is ok but i can't get the accept/deny image and when i 
click on the link to the php protected page (i am using the example page 
sample_auto.php), i am redirected to :

http://papi.tpm.fr:8080/papi.tpm.fr:80/php_protect/sample_auto.php?
ACTION=CHECKED&DATA=x2G.......

I am sure it is just something i do not understand in the conf and i need 
your great knowledge to help me.

I hope i am not boring you with my problems.

Regards,
Romain Dupre.

ATOM RSS1 RSS2