The PAPI authentication and authorization framework


"Diego R. Lopez"
Tue, 4 Apr 2006 17:05:30 +0200
Romain Dupre wrote:
> I read the PoA.php file and at line 205, if this is not the https 
> protocol, you use http:/ to build the PoAURL. So I changed this to http:// 
> and then I get the correct protected page.

Thanks, Romain! We made a mistake when uploading the 1.2 distribution to
the FTP and it has the error (debugged away two or three CVS versions
before) in it. I've updated it.

> But "Authentication/Authorization result" and "userAssertion" are empty.
> So my problem is not completely solved...

Bear in mind that phpPoA passes the access decision to the application.
The page is no longer protected by an Apache module (as in core PAPI).
It is up to the PHP application to decide what to do with the "AA result"
or with userAssertion.

That's why you are getting the page even if (as the logs show) the
authentication to the GPoA is not working well: it does not detect
any cookie when it receives the redirection from the phpPoA.

And this is happening because you are addressing the wrong site
for your LOGIN request from the AS. The phpPoA is a subordinate
PoA of the GPoA and it is unable to deal with AS requests, hence
why you don't receive the acceptance/reject image. phpPoA just
trusts its GPoA, which is the one you must send your initial
authentication against. This model allows you to have one thousand
subordinate (php)PoAs below a single GPoA and just make the
AS send one LOGIN operation to the GPoA.

So you should define the site in your LDAP as follows:

# gpoa,
dn: cn=gpoa,dc=tpm,dc=fr
objectClass: papiSite
papiSiteId: 2
papiSiteTtl: 180
papiSiteService: Romain_GPoA
papiSiteLocation: /GPoA
papiSiteAccess: /
papiSiteAuth: /gpoa/cookie_handler.cgi
description: Romain's GPoA

Good luck,
"This time we will not fail, Doctor Hell"

Dr Diego R. Lopez - RedIRIS
The Spanish NREN

Tel:    +34 955 056 621
Mobile: +34 669 898 094
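
The point above about phpPoA leaving the access decision to the application, shown as an added example (not part of the original message and not phpPoA code): a fail-closed check that refuses to render a page when the AA result or userAssertion is empty, as in the report. The function names, the 'ACCEPTED'/'REJECTED' strings and the sample values are assumptions; substitute the values your phpPoA version actually exposes.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: phpPoA's real variable and function names are not
// shown in this message, so the two values are passed in by the caller.
// $acceptValue is whatever your phpPoA version reports on success
// (assumption: a fixed string; 'ACCEPTED' below is a placeholder).
function papi_decision(?string $aaResult, ?string $userAssertion,
                       string $acceptValue): array
{
    $aaResult = trim((string) $aaResult);
    $userAssertion = trim((string) $userAssertion);

    if ($aaResult === '') {
        return [false, 'empty AA result: the GPoA never confirmed the user'];
    }
    if ($aaResult !== $acceptValue) {
        return [false, 'AA result is not the accept value'];
    }
    if ($userAssertion === '') {
        return [false, 'accepted without a userAssertion'];
    }
    return [true, 'accepted'];
}

// Call before any protected output; stops the request on deny.
function require_papi_access(?string $aaResult, ?string $userAssertion,
                             string $acceptValue): void
{
    [$ok, $why] = papi_decision($aaResult, $userAssertion, $acceptValue);
    if (!$ok) {
        error_log("PAPI access denied: $why");
        http_response_code(403);
        exit('Access denied');
    }
}

// Constructed sample values, not taken from a real phpPoA run.
$cases = [
    'empty, as in the report above' => ['', ''],
    'accepted with assertion'       => ['ACCEPTED', 'constructed-assertion'],
    'accepted, assertion missing'   => ['ACCEPTED', ''],
    'rejected'                      => ['REJECTED', 'constructed-assertion'],
];
foreach ($cases as $label => [$aa, $ua]) {
    [$ok, $why] = papi_decision($aa, $ua, 'ACCEPTED');
    printf("%-30s => %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $why);
}
```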