Hello, all!
Guys, please, help me, I'm lost completely. :(
First of all, here is the goal I'm trying to achieve.
I have several forums on different domains, let them be
forum.domain1.net
forum.domain2.org
forum.domain3.ua
They work as forums: users can read them without authorization, but to write
answers users need to be registered and authorized.
I want to keep all this functionality, but use one auth system for all three
forums, and I'm trying to use cosign for that. I installed cosign (including
mysql auth) and the friend system for creating new accounts, and made some
fixes in the code of the forum software. It all works, but only when I set
"CosignAllowPublicAccess Off".
I use Fedora Core 7/32bit for all hosts. Here's part of my apache config for
the forum virtual host (Apache/2.2.6):
------------------------------------------------------------------------------
<VirtualHost *:80>
CosignHostname weblogin.domain1.net
CosignRedirect https://weblogin.domain1.net/
CosignPostErrorRedirect https://weblogin.domain1.net/cosign/post_error.html
CosignCrypto /etc/cosign/certs/mod_cosign.key /etc/cosign/certs/mod_cosign.crt /etc/cosign/certs/CA
CosignHttpOnly On
CosignCheckIP always
CosignProtected On
CosignAllowPublicAccess Off
CosignService forum.domain1.net
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/vhosts/domain1
ServerName forum.domain1.net
ErrorLog logs/domain1-error.log
CustomLog logs/domain1-access.log common
<Directory /var/www/vhosts/domain1/ >
Order Deny,Allow
Allow from all
</Directory>
</VirtualHost>
------------------------------------------------------------------------------
Here is the apache config for the cosign service weblogin.domain1.net:
------------------------------------------------------------------------------
<VirtualHost *:443>
CosignHostname weblogin.domain1.net
CosignRedirect https://weblogin.domain1.net/
CosignPostErrorRedirect https://weblogin.domain1.net/cosign/post_error.html
CosignCrypto /etc/cosign/certs/mod_cosign.key /etc/cosign/certs/mod_cosign.crt /etc/cosign/certs/CA
# Redirect to auth
RedirectMatch ^/$ /cosign-bin/cosign.cgi
ScriptAlias /cosign-bin/ "/var/lib/cosign/cgi-ssl/"
ScriptAlias /cgi-bin/ "/var/lib/cosign/cgi-ssl/"
<Directory /var/lib/cosign/cgi-ssl/>
SSLOptions +StdEnvVars
</Directory>
# CoSign images and CSS
Alias /cosign/ "/var/lib/cosign/html/"
# Hardcoded redirect back
Redirect /services http://forum.domain1.net
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/vhosts/weblogin
ServerName weblogin.domain1.net
ErrorLog logs/ssl-error.log
CustomLog logs/ssl-access.log common
<Directory /var/www/vhosts/weblogin/ >
AllowOverride All
CosignProtected On
# Cookie name:
CosignService mod_cosign-1
Order Deny,Allow
Allow from all
</Directory>
# Friend related
#########################
Alias /friend/ /var/lib/cosign/friend/php/
<Directory /var/lib/cosign/friend/php>
# the account creation screen must not be cosign-protected :)
CosignProtected off
</Directory>
<Location /friend/acquaintance/>
SSLOptions +StdEnvVars
SSLVerifyClient require
</Location>
<Location /friend/passwd/>
CosignProtected on
</Location>
<Location /friend/invite/>
CosignProtected on
</Location>
</VirtualHost>
------------------------------------------------------------------------------
It's working, and I can check that I'm authenticated by looking at the
COSIGN_SERVICE and REMOTE_USER server variables. But in this case users can't
even see the forum until they are authenticated with cosign.
So I've tried to use:
CosignAllowPublicAccess On
to give unregistered users the possibility to access the forums as guests.
Of course, in this case there is no auto-redirect from http://forum.domain1.net
to https://weblogin.domain1.net. But I opened https://weblogin.domain1.net,
logged in there and went back to http://forum.domain1.net. And neither
COSIGN_SERVICE nor REMOTE_USER is set at http://forum.domain1.net. :( So I
can't make myself authenticated on forum.domain1.net when
CosignAllowPublicAccess is set to "On".
I misunderstood something in the mechanics of cosign, I fear. Please, give me a
clue. Or is it definitely impossible to use it the way I'm trying to?
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss