PAPI Archivos

The PAPI authentication and authorization framework

PAPI@LISTSERV.REDIRIS.ES

Opciones: Vista Forum

Use Monospaced Font
Por defecto enseñar Text Part
Mostrar todas las cabeceras de correo

Mensaje: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Tema: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Autor: [<< Primero] [< Prev] [Siguiente >] [Último >>]

Print Responder
Subject:
Emisor:
Luis Melendez <[log in para visualizar]>
Reply To:
The PAPI authentication and authorization framework <[log in para visualizar]>
Fecha:
Fri, 2 Feb 2007 19:13:33 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (256 lines)
Hello, I am going to try to give you some help, although I am not a PAPI
guru.

The images may be specified in the AS (acceptURL, rejectURL) and in the
PoA (Accept_File, Reject_File).
If you define them in the AS, they have precedence, and the values you
have assigned to them in
your AS config are not right (they are not images).

For the problem with cookies, it would be interesting to take a look at
yout basicAuthDB file and the
*Hook values in the AS conf, but maybe the problem is that you are
defining Auth_Location without
an initial slash (PAPI/cookie_handler.cgi). If that occurs in your
basicAuthDB file, it should fail.
Are there errors in the Apache log regarding accesses to
/manualPAPI/cookie_handler.cgi?

Best regards.



Krishan Purahoo wrote:

>Hi,
>   I am currently looking into PAPI to share web contents.
>I have installed PAPI-AS and PAPI-POA, on two different
>apache servers (running on the same machine on different ports).
>
>AS - port 8085
>POA - port 8088
>
>I am having a couple of problems,
>
>first: no image after authenticating on AS.
>second: lccok & hcook empty when accessing POA
>
>
>Connecting to the PAPI-AS, I can authenticate successfully using
>BasicAuth and also IMAP.
>
>
>After successfully authenticating (using both methods above), the next
>screen I get is, the following
>
>----
>
>The server has accepted your authentication data
>
>You can now access the resources included in the following list, simply
>clicking on the corresponding link.
>
>The symbol to the left of the links indicates whether the resource is
>available or not.
>
>----------------------------------------------------------------------------
>You can check the status of your credentials using the Test button, or erase
>the credentials currently stored by your browser using the Logout button.
>
>It is also possible to change the status of your credentials accessing again
>the Authentication Server.
>----
>
>
>I do not get the accept/reject image or the default POA listed
>after authenticating.
>
>With the BasicAuth method, I only get <POA URL> that is listed in
>my basic authentication database.
>
>Do I need to set an Image URL? where?
>
>
>Here are some of my configurations:-
>
>AS - AuthServer.cf
>
>my $authType = "imap";
>
>$$cfg{asLocation} = 'http://jactest:8085/cgi-papi/AuthServer';
>$$cfg{serverID} = 'foo-as';
>$$cfg{privateKey} = 'privateKey.pem';
>
>$$cfg{acceptURL} = 'http://jactest:8088/manual/LICENSE';
>$$cfg{rejectURL} = 'http://jactest:8088/manual/';
>
># Default values for the PoA(s)
>#
>$$cfg{defTimeToLive} = 1800;
>$$cfg{defLocation} = '/manual';
>$$cfg{defService}= 'bar-poa';
>$$cfg{defPoA} = 'http://jactest:8088/';
>$$cfg{defDescription} = 'Sample PAPI PoA';
>$$cfg{defAuthURI} = 'PAPI/cookie_handler.cgi';
>$$cfg{defAccessURI} = 'index.html';
>
>$$cfg{IMAPServer} = "my-imapserver";
>
>
>** All the other settings are the default in the AuthServer.cf file **
>
>
>My PAPI-POA - httpd.conf file
>
>PerlModule PAPI::Conf
>
><PAPI_Main>
>  HKEY_File /usr/local/depot/PAPI/AS/etc/hkey
>  LKEY_File /usr/local/depot/PAPI/AS/etc/lkey
>  Hcook_DB /usr/local/depot/PAPI/AS/etc/hcookdb
>  Server bar-poa
>  PAPI_AS foo-as http://jactest:8085/cgi-papi/AuthServer MY_AS
>  Pubkeys_Path /usr/local/depot/PAPI/AS/etc
>  Lcook_Timeout 1800
>  CRC_Timeout 1800
>  URL_Timeout 1800
>  Debug 1
>  Domain mydomain.uk
>  Accept_File /usr/local/depot/PAPI/apache_1.3.37/icons/ball.red.png
>  Reject_File /usr/local/depot/PAPI/apache_1.3.37/icons/ball.gray.png
>  Auth_Location PAPI/cookie_handler.cgi
>  Debug 1
></PAPI_Main>
>
>
>    alias /papi /usr/local/depot/PAPI/AS/etc/
>
>    <Location /papi >
>        PerlSendHeader On
>        PerlAccessHandler PAPI::Main
>    </Location>
>
>    <Location /manual >
>        PerlSendHeader On
>        PerlAccessHandler PAPI::Main
>        <PAPI_Local>
>                Server local
>                PAPI_Filter default
>        </PAPI_Local>
>    </Location>
>
>Log file for AS.
>
>2007 Feb  2 15:20:20 PAPI::AuthServer[12319]: Host: 165.239.30.149. User:
>kpur. Operation LOGIN accepted. Userid: kpur
>2007 Feb  2 15:54:14 PAPI::AuthServer[19535]: Host: 165.239.30.149. User:
>kpur. Operation LOGIN accepted. Userid: kpur
>2007 Feb  2 16:07:10 PAPI::AuthServer[24961]: Host: 165.239.30.149. User:
>kpur. Operation LOGOUT accepted. Userid: kpur
>2007 Feb  2 16:07:27 PAPI::AuthServer[24979]: Host: 165.239.30.149. User:
>kpur. Operation LOGIN accepted. Userid: kpur
>
>
>POA:
>====
>
>When I try to access (POA) http://jactest:8088/manual, I get '403 forbidden'
>and the following logs
>
>httpd_error.log  (POA)
>
>[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16284_1170430608_local: Processing request: /manual
>[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16284_1170430608_local: Main Processing request: /manual
>[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16284_1170430608_local: Processing request: /manual
>[Fri Feb  2 15:36:48 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16284_1170430608_local: Main: Cookies received:\n Hcook=##, Lcook=##
>[Fri Feb  2 15:36:48 2007] [warn] [client 165.239.30.149]
>PAPI#16284_1170430608_local: Lcook is empty
>[Fri Feb  2 15:36:48 2007] [notice] [client 165.239.30.149]
>PAPI#16284_1170430608_local: Hcook is empty
>[Fri Feb  2 15:36:48 2007] [warn] [client 165.239.30.149]
>PAPI#16284_1170430608_local: Forbidden access to /manual
>[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16285_1170433996_local: Parameters initialized:$VAR1 = bless( {\n
>                'RwUser' => undef,\n                 'attrList' => [],\n   
>             'filters' => [\n                                'default'\n   
>                          ],\n                 'PxCkSize' => 320768,\n     
>           'ApacheRequest' => bless( do{\\(my $o = 139073428)}, 'Apache'
>),\n                 'Hcook_Handler' => undef,\n                 'SPOCPAct'
>=> 'accept',\n                 'registerVal' => '',\n                
>'SPOCPAcc' => 0,\n                 'formProc' => {},\n                
>'Athens_uia' => undef,\n                 'Domain' => 'jet.uk',\n           
>     'PADATH_HDD' => undef,\n                 'RewUrlPatterns' => [],\n    
>            'redirects' => [],\n                 'RewMimeTypes' => undef,\n
>                'cookieRejects' => [],\n                 'RwAll' => undef,\n
>                'AttSep' => undef,\n                 'Loc' => '/manual',\n 
>               'MaxTtl' => undef,\n                 'HttpAuth' => [],\n    
>            'Req_DB' => undef,\n                 'Hkey' =>
>'28b4a3bd66d12a2ea75d2dbbca8bd772',\n                 'Remote_Dom' =>
>undef,\n                 'Serv' => 'local',\n                 'Id' =>
>'16285_1170433996_local',\n                 'Athens_AAP' => undef,\n       
>         'Lkey' => '0055bca3289d4a9646905f188e8284a8',\n                
>'Athens_psa' => undef,\n                 'EvalPx' => undef,\n              
>  'Pubkeys_Path' => '/usr/local/depot/PAPI/AS/etc',\n                
>'Remote_Serv' => undef,\n                 'ValSep' => undef,\n             
>   'Hcook_DB' => '/usr/local/depot/PAPI/AS/etc/hcookdb',\n                
>'GPoA_Priv_Key' => undef,\n                 'Accept_File' =>
>'/usr/local/depot/PAPI/apache_1.3.37/icons/ball.red.png',\n                
>'NoXML' => undef,\n                 'HashUser' => undef,\n                
>'registerKey' => '',\n                 'HcookGen' => undef,\n              
>  'URL_Timeout' => '1800',\n                 'MxNonceErr' => 3,\n          
>      'PoARw' => [],\n                 'Auth_Location' =>
>'PAPI/cookie_handler.cgi',\n                 'PAPI::ApachePoA' => undef,\n 
>               'rawHcook' => '',\n                 'GPoAHashUser' =>
>undef,\n                 'SPOCPSrv' => undef,\n                
>'CRC_Timeout' => '1800',\n                 'RejUrlPatterns' => [],\n       
>         'Athens_Key' => undef,\n                 'Proxy' => undef,\n      
>          'AddressInToken' => undef,\n                 'StripLocation' =>
>undef,\n                 'Debug' => '1',\n                 'Athens_IID' =>
>undef,\n                 'Athens_TTL' => undef,\n                 'GPoA_URL'
>=> undef,\n                 'Lcook_Timeout' => '1800',\n                
>'PxIP' => undef,\n                 'ases' => {\n                           
> 'foo-as' => {\n                                           'desc' =>
>'MY_AS',\n                                           'url' =>
>'http://jactest:8085/cgi-papi/AuthServer'\n                                
>        }\n                           },\n                 'Reject_File' =>
>'/usr/local/depot/PAPI/apache_1.3.37/icons/ball.gray.png',\n               
> 'PADATH_LAA' => undef\n               }, 'PAPI::ApachePoA' );\n
>[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16285_1170433996_local: Processing request: /manual
>[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16285_1170433996_local: Main Processing request: /manual
>[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16285_1170433996_local: Processing request: /manual
>[Fri Feb  2 16:33:17 2007] [error] [client 165.239.30.149]
>PAPI-DEBUG#16285_1170433996_local: Main: Cookies received:\n Hcook=##, Lcook=##
>[Fri Feb  2 16:33:17 2007] [warn] [client 165.239.30.149]
>PAPI#16285_1170433996_local: Lcook is empty
>[Fri Feb  2 16:33:17 2007] [notice] [client 165.239.30.149]
>PAPI#16285_1170433996_local: Hcook is empty
>[Fri Feb  2 16:33:17 2007] [warn] [client 165.239.30.149]
>PAPI#16285_1170433996_local: Forbidden access to /manual
>[
>
>
>
>Many Thanks in advance for any help
>
>
>krishan
>
>  
>


-- 
+----------------------------------------------^-----------------------+
| Luis Melndez Aganzo                         ^  Email: [log in para visualizar]  |
| Servicio de Informtica                      ^  Tlf: 34-(9)57-211022 |
| Analista - rea de Sistemas                  ^  Fax: 34-(9)57-218116 |
| Universidad de Crdoba (SPAIN)               ^  http://www.uco.es    |
+----------------------------------------------^-----------------------+

ATOM RSS1 RSS2