On Jun 30, 2008, at 2:26 PM, Mark Montague wrote: > On Mon, Jun 30, 2008 4:13 PM, Sacha Michel Mallais <[EMAIL PROTECTED] > > wrote: >> I'm trying to set up a cosign Apache module on my Mac OS X Server >> 10.4.8 machine. I'm using UM's cosign server for authentication, >> with the service set to "smtest". One thing I'm wondering is if >> the smtest service no longer exists on the UM side, but really, >> what I'd like to know is how to get more information about what is >> failing. The only thing I can see is in the error log: "connect: >> Operation timed out", so if anyone has any ideas as to how to get >> more logging output, that would be really helpful. > > Getting more logging output is unlikely to help here, as the > connection timed out. Your server won't really know the reason why > the connection timed out, and so won't be able to log it. > > As a first step, make sure you do not have a firewall or other > system blocking outgoing access from your machine to port 6663 of > the cosign weblogin servers. Using telnet is a good way to do this; > you should see something like this (replace "weblogin.example.com" > below with the fully qualified domain name of the cosign weblogin > server that you are using): > > $ telnet weblogin.example.com 6663 > Trying 10.0.0.1.. > Connected to weblogin.example.com. > Escape character is '^]'. > 220 2 Collaborative Web Single Sign-On > > If you see the " 220 2 Collaborative Web Single Sign-On" banner, > type "QUIT" and press RETURN -- you're able to open a connection, > and the cause of your problem is a mystery (contact [EMAIL PROTECTED] > and send us your cosign filter configuration together with the CN of > the certificate that you are using with cosign). > > If you do not see the "220 2 Collaborative Web Single Sign-On" > banner, then check your networking and firewall configuration.
That's got it... thanks a lot! My problem was I only opened the port on the virtual host ip, but it sends on the canonical ip. The next problem is that its complaining that it can't connect to any server: snet_starttls: error:14090086:lib(20):func(144):reason(134) snet_starttls: error:14090086:lib(20):func(144):reason(134) snet_starttls: error:14090086:lib(20):func(144):reason(134) snet_starttls: error:14090086:lib(20):func(144):reason(134) Unable to connect to any Cosign server. I found this message talking about problems with certs: http://weblogin.org/cosign-discuss/msg00222.html . I'm using a self-signed cert, is that bad? Do I need to have my cert signed by someone at the cosign server? sacha -- Sacha Michel Mallais Senior Developer / President Global Village Consulting Inc. http://www.global-village.net/ PGP Key ID: 7D757B65 AIM: smallais ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
