CoSign: Collaborative Single Sign-On  
AnnouncementsDiscussion
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: file not found error



Hi Johanna,

Auuggghhh!  This thing is driving me buggy.  Anyway,  I think I got rid of the earlier problem wiht the file not found error.  It was in the access.conf file.  If I turn Cosign on for the entire vhost without turning it off under the root directory, I get a file not found error I believe because the daemon is trying to find the cookie.  However, if I turn off the root directory, I get this in my apache log as soon as I try to access https://judsonhp.judsoncollege.edu/services/index.html

Fri Nov 12 10:32:51 2004] [notice] SIGHUP received.  Attempting to restart
[Fri Nov 12 10:32:51 2004] [notice] Apache/1.3.31 (Unix) PHP/4.3.7 mod_ssl/2.8.1
9 OpenSSL/0.9.7e configured -- resuming normal operations
[Fri Nov 12 10:32:51 2004] [notice] Accept mutex: fcntl (Default: fcntl)
[Fri Nov 12 10:33:13 2004] [error] mod_cosign: Cosign is not configured correctl
y:
[Fri Nov 12 10:33:13 2004] [error] mod_cosign: CosignHostname not set.
[Fri Nov 12 10:33:13 2004] [error] mod_cosign: CosignRedirect not set.
[Fri Nov 12 10:33:13 2004] [error] mod_cosign: CosignService not set.
[Fri Nov 12 10:33:13 2004] [error] mod_cosign: CosignPostErrorRedirect not set.
error_log

here is my vhost, which I have tried to set up similar to yours for now.

<VirtualHost judsonhp.judsoncollege.edu:443>
 ServerName judsonhp.judsoncollege.edu
DocumentRoot /opt/apache/cosign/html
AddHandler          cgi-script      .cgi
DirectoryIndex      basiccosign.cgi index.html index.php index.htm index.shtml
Alias /images/ /opt/apache/images/
SSLEngine on
SSLCertificateFile /opt/apache/etc/ssl.crt/server.crt
SSLCertificateKeyFile /opt/apache/etc/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0


<Directory /opt/apache/cosign/html>
CosignProtected Off
Options ExecCGI
AllowOverride None
AuthType Basic
AuthName "Faculty Access"
AuthLDAPURL ldap://judsonhp.judsoncollege.edu:1389/cn=basic,cn=camSignons,cn=Jud
son,cn=Authentication Data,o=Cognos,c=CA?cn?
require valid-user
order allow,deny
allow from all
</Directory>


<Directory /opt/apache/cosign/html/services>
CosignProtected On
Options ExecCGI
AllowOverride None
order allow,deny
allow from all
</Directory>

Alias /weblogin/ /opt/apache/cosign/html/
CosignProtected         On
CosignHostname          judsonhp.judsoncollege.edu
CosignRedirect          https://judsonhp.judsoncollege.edu/weblogin/
CosignPostErrorRedirect https://judsonhp.judsoncollege.edu/weblogin/post_error.h
tml
CosignService           cosign
CosignCrypto            /opt/apache/cosign/CA/ca.key /opt/apache/cosign/CA/ca.crt /opt/apache/cosign/CA
</VirtualHost>

I was also getting an unknown ca error for awhile, but it went away, I believe, when I changed the perms on the CA directory to 777.  Either that or I have somehow taken a step backwards and I will hit that error again.  Please note I am using the basic auth.  Also, I do not have a cgi-ssl directory.

Any input would be most appreciated!

thanks

jim


-----Original Message-----
From: johanna bromberg craig [mailto:canna@xxxxxxxxx]
Sent: Monday, November 08, 2004 2:49 PM
To: Goldrick, Jim
Subject: Re: file not found error


this is with basicauth, right? Here's what i believe to be a working  
conf :)
On the port 80 ( 8080, in my case ) we have merely:

CosignProtected Off

on the :443 ( :8443 we have )

<VirtualHost _default_:8443>

DocumentRoot        /usr/local/projects/cosign/html/
ScriptAlias         /cosign-bin/ /usr/local/projects/cosign/cgi-ssl/
AddHandler          cgi-script      .cgi
ErrorDocument       404    https://beothuk.web.itd.umich.edu:8443/
DirectoryIndex      basiccosign.cgi index.html index.php index.htm  
index.shtml

<Directory  /usr/local/projects/cosign/html/>
     Options ExecCGI
     AuthUserFile /usr/local/users/canna/.htpasswd
     AuthName "Demasduit's Dream"
     AllowOverride All
     AuthType Basic
     CosignProtected Off
</Directory>

CosignHostname weblogin.umich.edu
CosignRedirect https://weblogin.umich.edu/
CosignPostErrorRedirect http://www.umich.edu/~canna
CosignService jojo
CosignCrypto /usr/local/etc/apache/certs/beothuk.key  
/usr/local/etc/apache/certs/beothuk.cert /usr/local/etc/apache/certs

CosignProtected On

something like that.

maybe you can send cosign@xxxxxxxxx your httpd.conf and we can check it  
out

-J




On Nov 4, 2004, at 6:10 PM, Goldrick, Jim wrote:

> I'm still getting the same errors.  One thing, I never get prompted  
> for any type of authentication.  Can someone send me an example of  
> their http.conf/access.conf file that pertains to Cosign (Directory's  
> and Virtual hosts)?  It seems like a configuration problem, but I sure  
> can't find it.
>  
> thanks!
>  
> jim
>  
>  
> -----Original Message-----
> From: Goldrick, Jim
> Sent: Wednesday, November 03, 2004 5:18 PM
> To: 'cosign-discuss@xxxxxxxxx'
> Subject: file not found error
>
> Hi,
>  
> Since this is a different issue, I thought I would open a new post.   
> When trying to connect to  
> https://judsonhp.judsoncollege.edu:444/index.html, which is my doc  
> root that I have set for cosign,
> the browser hangs and I get this in my syslog:
>
>
> Nov  3 16:59:06 judsonhp cosignd[9620]: connect: 10.100.0.142
> Nov  3 16:59:06 judsonhp cosignd[9620]: service_to_login:  
> cosign-cosign=4tWOHyU+
> IzH9Usx+QfgsVwOCrtO0EHsPFjtUaKPx80TdhemR2ld8yA9rcsX4IDUU15s1sztTyvMOfv5 
> 0Es7-ML-Z
> IY3j1OLCC8SdKdq+7FZJoqRh8wgMjtXC43v9: No such file or directory
> Nov  3 16:59:06 judsonhp cosignd[9612]: service_to_login:  
> cosign-cosign=+0QwqH3j
> F8DFbplXVjr3gNKIMaDsU0B+W2ArWpBZPGGtnzOKYX0CjuE88QtIoDgsIp6b1lVJJ47o6ZQ 
> cGABBt-CY
> kpAa-F2EAzejAGJnFicEg11BCz0ifSxK7q8g: No such file or directory
> Nov  3 16:59:07 judsonhp cosignd[9613]: service_to_login:  
> cosign-cosign=DGzMJLge
> vfaJBAtWQdLx+Yo7QkI6KWF9aFueZ3s1jwXo9Usdk6nkYLfBAaoeUP+eSVgsSnJxLriwYU7 
> owBnKAm4n
> xIi3Bs8JwgwAznkK2ZPB-r1P1g6NmOF+uwdh: No such file or directory
> syslog.log: END
>  
> and this in my apache error_log (I assume because the file is not  
> found):
>  
> choose another connection: 533 CHECK: cookie not in db!
> choose another connection: 533 CHECK: cookie not in db!
> choose another connection: 533 CHECK: cookie not in db!
> choose another connection: 533 CHECK: cookie not in db!
> choose another connection: 533 CHECK: cookie not in db!
> choose another connection: 533 CHECK: cookie not in db!
> choose another connection: 533 CHECK: cookie not in db!
> What file is the error referring to?  I have the html and templates  
> directories setup in /opt/apache/cosign.  Where should the  
> basicosign.cgi be?  In the web root?  Here is my Virtual host:
>  
> VirtualHost judsonhp.judsoncollege.edu:444>
>  ServerName judsonhp.judsonocollege.edu
> DocumentRoot /opt/apache/carsi-test/share/htdocs/
> ScriptAlias /cgi-bin/ /opt/apache/carsi-test/share/cgi-bin/
> Alias /images/ /opt/apache/images/
> SSLEngine on
> SSLCertificateFile /opt/apache/xxx/xxxxxx/xxxxxx.xxx
> SSLCertificateKeyFile /opt/apache/xxx/xxxxxxx/xxxxx.xxxx
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>  
>
> CosignProtected         On
> CosignHostname          acadinfo.judsoncollege.edu
> CosignRedirect          /weblogin/
> CosignPostErrorRedirect /weblogin/post_error.html
> CosignService           cosign
> CosignCrypto            /opt/apache/xxxxxx/xxxxxxx/cakey  
> /opt/apache/xxxxxx/xxxxxx/ca /opt/apache/xxxxxxxx/xxxxxxxx
>
> </VirtualHost>
>  
> Here is the doc root directory:
>
> #this is so the cosign login will run from / of DocRoot
> <Directory /opt/apache/carsi-test/share/htdocs>
> DirectoryIndex      basiccosign.cgi index.html
> AddHandler          cgi-script      .cgi
> AllowOverride None
> Options FollowSymLinks ExecCGI
> order deny,allow
> allow from all
> AuthType Basic
> AuthName "Faculty Access"
> AuthLDAPURL  
> ldap://judsonhp.judsoncollege.edu:1389/cn=basic,cn=camSignons,cn=Jud
> son,cn=Authentication Data,o=Cognos,c=CA?cn?
> require valid-user
> <Files *.css>
> order allow,deny
> allow from all
> </Files>
> <Files *.js>
> order allow,deny
> allow from all
> </Files>
>
>
> So I am not quite sure what to do.  The acadinfo.judsoncollege.edu  
> hostname is just a virtual ip for the judsonhp host.  If I remove the  
> cosign settings in the virtual host, I can get to the index.html after  
> authenticating.
>  
> FYI, I am using a self-signed cert.
>  
> thanks much!
>
>
>
> Jim Goldrick
> Judson College
> 573-335-7074
>  jgoldrick@xxxxxxxxxxxxxxxxx
>  
>  !DSPAM:418ab7759298977415678!



 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010