 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: file not found error
Hey Jim,
couple of things to try:
1) make sure the CosignHostname and all that come before the first
"CosignProtected On", line number wise.
2) for this dir:
<Directory /opt/apache/cosign/html/services>
CosignProtected On
Options ExecCGI
AllowOverride None
order allow,deny
allow from all
</Directory>
you just want cosignprotected on, i think, unless you're running a cgi.
you don't need the allowoveridess and the order bits, i believe.
3) also, i'm not sure about this line:
Alias /weblogin/ /opt/apache/cosign/html/
to make things easier, we put basiccosign.cgi as a DirectoryIndex, like
you have, and put it in docroot, so that
https://judsonhp.judsoncollege.edu/
would just work.
4) also, it might be easier at first to cosign protect a separate
directory or location all together ( not one that is under docroot like
that ) like a user home dir, so that we don't have to deal with the
hested complexity utnil we get the authentication part working. :)
5) When you turn off cosign, your basic auth bit works, right? :)
Keep us posted :)
-J
On Nov 12, 2004, at 11:45 AM, Goldrick, Jim wrote:
error_log
here is my vhost, which I have tried to set up similar to yours for
now.
<VirtualHost judsonhp.judsoncollege.edu:443>
ServerName judsonhp.judsoncollege.edu
DocumentRoot /opt/apache/cosign/html
AddHandler cgi-script .cgi
DirectoryIndex basiccosign.cgi index.html index.php index.htm
index.shtml
Alias /images/ /opt/apache/images/
SSLEngine on
SSLCertificateFile /opt/apache/etc/ssl.crt/server.crt
SSLCertificateKeyFile /opt/apache/etc/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Directory /opt/apache/cosign/html>
CosignProtected Off
Options ExecCGI
AllowOverride None
AuthType Basic
AuthName "Faculty Access"
AuthLDAPURL
ldap://judsonhp.judsoncollege.edu:1389/cn=basic,cn=camSignons,cn=Jud
son,cn=Authentication Data,o=Cognos,c=CA?cn?
require valid-user
order allow,deny
allow from all
</Directory>
<Directory /opt/apache/cosign/html/services>
CosignProtected On
Options ExecCGI
AllowOverride None
order allow,deny
allow from all
</Directory>
Alias /weblogin/ /opt/apache/cosign/html/
CosignProtected On
CosignHostname judsonhp.judsoncollege.edu
CosignRedirect https://judsonhp.judsoncollege.edu/weblogin/
CosignPostErrorRedirect
https://judsonhp.judsoncollege.edu/weblogin/post_error.h
tml
CosignService cosign
CosignCrypto /opt/apache/cosign/CA/ca.key
/opt/apache/cosign/CA/ca.crt /opt/apache/cosign/CA
</VirtualHost>
I was also getting an unknown ca error for awhile, but it went away, I
believe, when I changed the perms on the CA directory to 777. Either
that or I have somehow taken a step backwards and I will hit that
error again. Please note I am using the basic auth. Also, I do not
have a cgi-ssl directory.
Any input would be most appreciated!
thanks
jim
-----Original Message-----
From: johanna bromberg craig [mailto:canna@xxxxxxxxx]
Sent: Monday, November 08, 2004 2:49 PM
To: Goldrick, Jim
Subject: Re: file not found error
this is with basicauth, right? Here's what i believe to be a working
conf :)
On the port 80 ( 8080, in my case ) we have merely:
CosignProtected Off
on the :443 ( :8443 we have )
<VirtualHost _default_:8443>
DocumentRoot /usr/local/projects/cosign/html/
ScriptAlias /cosign-bin/ /usr/local/projects/cosign/cgi-ssl/
AddHandler cgi-script .cgi
ErrorDocument 404 https://beothuk.web.itd.umich.edu:8443/
DirectoryIndex basiccosign.cgi index.html index.php index.htm
index.shtml
<Directory /usr/local/projects/cosign/html/>
Options ExecCGI
AuthUserFile /usr/local/users/canna/.htpasswd
AuthName "Demasduit's Dream"
AllowOverride All
AuthType Basic
CosignProtected Off
</Directory>
CosignHostname weblogin.umich.edu
CosignRedirect https://weblogin.umich.edu/
CosignPostErrorRedirect http://www.umich.edu/~canna
CosignService jojo
CosignCrypto /usr/local/etc/apache/certs/beothuk.key
/usr/local/etc/apache/certs/beothuk.cert /usr/local/etc/apache/certs
CosignProtected On
something like that.
maybe you can send cosign@xxxxxxxxx your httpd.conf and we can check it
out
-J
On Nov 4, 2004, at 6:10 PM, Goldrick, Jim wrote:
I'm still getting the same errors. One thing, I never get prompted
for any type of authentication. Can someone send me an example of
their http.conf/access.conf file that pertains to Cosign (Directory's
and Virtual hosts)? It seems like a configuration problem, but I sure
can't find it.
thanks!
jim
-----Original Message-----
From: Goldrick, Jim
Sent: Wednesday, November 03, 2004 5:18 PM
To: 'cosign-discuss@xxxxxxxxx'
Subject: file not found error
Hi,
Since this is a different issue, I thought I would open a new post.
When trying to connect to
https://judsonhp.judsoncollege.edu:444/index.html, which is my doc
root that I have set for cosign,
the browser hangs and I get this in my syslog:
Nov 3 16:59:06 judsonhp cosignd[9620]: connect: 10.100.0.142
Nov 3 16:59:06 judsonhp cosignd[9620]: service_to_login:
cosign-cosign=4tWOHyU+
IzH9Usx+QfgsVwOCrtO0EHsPFjtUaKPx80TdhemR2ld8yA9rcsX4IDUU15s1sztTyvMOfv
5
0Es7-ML-Z
IY3j1OLCC8SdKdq+7FZJoqRh8wgMjtXC43v9: No such file or directory
Nov 3 16:59:06 judsonhp cosignd[9612]: service_to_login:
cosign-cosign=+0QwqH3j
F8DFbplXVjr3gNKIMaDsU0B+W2ArWpBZPGGtnzOKYX0CjuE88QtIoDgsIp6b1lVJJ47o6Z
Q
cGABBt-CY
kpAa-F2EAzejAGJnFicEg11BCz0ifSxK7q8g: No such file or directory
Nov 3 16:59:07 judsonhp cosignd[9613]: service_to_login:
cosign-cosign=DGzMJLge
vfaJBAtWQdLx+Yo7QkI6KWF9aFueZ3s1jwXo9Usdk6nkYLfBAaoeUP+eSVgsSnJxLriwYU
7
owBnKAm4n
xIi3Bs8JwgwAznkK2ZPB-r1P1g6NmOF+uwdh: No such file or directory
syslog.log: END
and this in my apache error_log (I assume because the file is not
found):
choose another connection: 533 CHECK: cookie not in db!
choose another connection: 533 CHECK: cookie not in db!
choose another connection: 533 CHECK: cookie not in db!
choose another connection: 533 CHECK: cookie not in db!
choose another connection: 533 CHECK: cookie not in db!
choose another connection: 533 CHECK: cookie not in db!
choose another connection: 533 CHECK: cookie not in db!
What file is the error referring to? I have the html and templates
directories setup in /opt/apache/cosign. Where should the
basicosign.cgi be? In the web root? Here is my Virtual host:
VirtualHost judsonhp.judsoncollege.edu:444>
ServerName judsonhp.judsonocollege.edu
DocumentRoot /opt/apache/carsi-test/share/htdocs/
ScriptAlias /cgi-bin/ /opt/apache/carsi-test/share/cgi-bin/
Alias /images/ /opt/apache/images/
SSLEngine on
SSLCertificateFile /opt/apache/xxx/xxxxxx/xxxxxx.xxx
SSLCertificateKeyFile /opt/apache/xxx/xxxxxxx/xxxxx.xxxx
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CosignProtected On
CosignHostname acadinfo.judsoncollege.edu
CosignRedirect /weblogin/
CosignPostErrorRedirect /weblogin/post_error.html
CosignService cosign
CosignCrypto /opt/apache/xxxxxx/xxxxxxx/cakey
/opt/apache/xxxxxx/xxxxxx/ca /opt/apache/xxxxxxxx/xxxxxxxx
</VirtualHost>
Here is the doc root directory:
#this is so the cosign login will run from / of DocRoot
<Directory /opt/apache/carsi-test/share/htdocs>
DirectoryIndex basiccosign.cgi index.html
AddHandler cgi-script .cgi
AllowOverride None
Options FollowSymLinks ExecCGI
order deny,allow
allow from all
AuthType Basic
AuthName "Faculty Access"
AuthLDAPURL
ldap://judsonhp.judsoncollege.edu:1389/cn=basic,cn=camSignons,cn=Jud
son,cn=Authentication Data,o=Cognos,c=CA?cn?
require valid-user
<Files *.css>
order allow,deny
allow from all
</Files>
<Files *.js>
order allow,deny
allow from all
</Files>
So I am not quite sure what to do. The acadinfo.judsoncollege.edu
hostname is just a virtual ip for the judsonhp host. If I remove the
cosign settings in the virtual host, I can get to the index.html after
authenticating.
FYI, I am using a self-signed cert.
thanks much!
Jim Goldrick
Judson College
573-335-7074
jgoldrick@xxxxxxxxxxxxxxxxx
!DSPAM:4194e925168611328518187!
|
