I think I'm most of the way there getting Cosign 3.0.2 set up but I'm stuck on the Apache/redirect portion. Authentication is working and I believe the cookies are getting issued successfully. Can someone have a look and let me know what I'm missing? Thanks in advance, I know this is a lot to look through but I'm so close to having this running and so completely unsure why it's not working. Please see the info below on my setup:

Cosign Server:

/etc/cosign/cosign.conf

    # Cosign CAS Config File
    set cosigncadir /etc/cosign/certs/ca
    set cosigncert /etc/cosign/certs/login.company.com.crt
    set cosignkey /etc/cosign/certs/login.company.com.key
    cgi login\.company\.com
    service cosign-plone https://web01.company.com/cosign/valid 0 web01\.company\.com
    set cosignhost login.company.com
    factor /var/lib/cosign/factor/ldap login password
    set cosignlogouturl https://login.company.com/
    set cosignloopurl https://login.company.com/looping.html
    set cosigntmpldir /var/www/html/login-templates/

/etc/httpd/conf.d/login.conf

    Redirect /services/ https://login.company.com/logout
    <Directory "/var/www/html/login/">
        DirectoryIndex cosign.cgi
        AddHandler cgi-script .cgi
        Options ExecCGI
        <Files "logout">
            SetHandler cgi-script
        </Files>
    </Directory>

/etc/httpd/conf/httpd.conf

    <VirtualHost *:443>
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        CosignProtected Off
        CosignHostname login.company.com
        CosignValidReference ^https://.*\.company\.com(/.*)?
        CosignValidationErrorRedirect http://login.company.com/validation_error.html
        CosignRedirect https://login.company.com/cosign-bin/cosign.cgi
        CosignPostErrorRedirect https://login.company.com/cosign/post_error.html
        CosignCrypto /etc/cosign/certs/login.company.com.key /etc/cosign/certs/login.company.com.crt /etc/cosign/certs/ca
        <Location /cosign/valid>
            SetHandler cosign
            CosignProtected Off
            Allow from all
            Satisfy any
        </Location>
        Alias /cosign/ "/var/www/html/login/html/"
        ScriptAlias /cosign-bin/ "/var/www/html/login/cgi-ssl/"
        Alias /services/ "/var/www/html/login/services/"
    </VirtualHost>

Cosign Client (running Plone):

/etc/httpd/conf/httpd.conf

    <VirtualHost *:443>
        UseCanonicalName On
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/pki/tls/certs/web01.company.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/web01.company.com.key
        SSLCACertificateFile /etc/pki/tls/certs/ca.crt
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        CosignProtected Off
        CosignHostname login.company.com
        CosignValidReference ^https://.*\.company\.com(/.*)?
        CosignValidationErrorRedirect http://login.company.com/validation_error.html
        CosignRedirect https://login.company.com/cosign-bin/cosign.cgi
        CosignPostErrorRedirect https://login.company.com/cosign/post_error.html
        CosignService plone
        CosignCrypto /etc/pki/tls/private/web01.company.com.key /etc/pki/tls/certs/web01.company.com.crt /etc/pki/tls/certs
        <Location /cosign/valid>
            SetHandler cosign
            CosignProtected Off
            Allow from all
            Satisfy any
        </Location>
        <Location /plone>
            CosignProtected On
            RequestHeader set X_REMOTE_USER %{remoteUser}e
        </Location>
        RewriteEngine On
        # Put Apache-specified username in headers:
        RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/https/%{SERVER_NAME}:443/VirtualHostRoot/$1 [L,P,E=remoteUser:%{LA-U:REMOTE_USER}]
    </VirtualHost>
    <VirtualHost *:80>
        RequestHeader unset X_REMOTE_USER
    </VirtualHost>

When I attempt to access the Plone page at web01.company.com the first time, it correctly redirects to the Cosign login page and I can successfully authenticate (or fail with invalid credentials). Once I authenticate successfully my problems start. It seems to redirect back to the Plone web server correctly but I think this is where it's failing - or the Apache Cosign module isn't picking things up to authenticate the cookie/user. The helloCosign test scripts are failing, the user in the headers isn't being recognized and I don't know why. Also I think it's not getting the correct Plone URL (http://web01.company.com/plone works fine) redirected back, but I don't know.

Here's the URL redirected back when Zope reports the error of Resource not found -

    Resource: cosign GET:
    https://web01.company.com/cosign/valid?cosign-plone=UPnfK3hsxrHRqETM+sC+LQkWZH25xVGqhRluVMfHqcKTHWi1vcFGUI1kIFLF6BYHxN1+ktt7Jv5WStPvypkRKVZkGP7J4tRk2hJAEWVExiXWgSzonNpVtN8z2k6Q&https://web01.company.com/plone

I've also been getting a lot of loop errors, not sure why. Any help is greatly appreciated!

Thanks,
Josh
_______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
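
Added example, not part of the original post or of Cosign itself: a small Python check that splits a /cosign/valid callback of the shape shown in the post and tests it against the posted CosignValidReference and RewriteRule patterns. The sample URLs, the stricter pattern and the function names are assumptions made for illustration, and Python's re stands in for Apache's regex engine.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the post's Plone-side httpd.conf.
POSTED_VALID_REFERENCE = r"^https://.*\.company\.com(/.*)?"  # CosignValidReference
REWRITE_PATTERN = r"^/(.*)$"  # catch-all RewriteRule flagged [L,P]
# Tighter pattern suggested here (not from the post): only hostname
# characters before the domain, and anchored at the end.
STRICT_VALID_REFERENCE = r"^https://[A-Za-z0-9.-]+\.company\.com(/.*)?$"


def parse_callback(url):
    """Split a /cosign/valid callback into (path, service, cookie, destination)."""
    parts = urlsplit(url)
    # The query is "<service>=<cookie>&<destination URL>". The destination is
    # not a key=value pair and the cookie may contain '+', so split by hand
    # instead of using parse_qs (which would decode '+' to a space).
    first, amp, destination = parts.query.partition("&")
    service, eq, cookie = first.partition("=")
    if not (amp and eq and service and cookie and destination):
        raise ValueError("expected <service>=<cookie>&<destination>")
    return parts.path, service, cookie, destination


def check_callback(url, reference=POSTED_VALID_REFERENCE):
    """Report how the given patterns treat one callback URL."""
    path, service, cookie, destination = parse_callback(url)
    return {
        "service": service,
        "destination": destination,
        # Python's re stands in for Apache's regex engine (assumption).
        "destination_allowed": re.search(reference, destination) is not None,
        # True means the vhost-level RewriteRule pattern also matches the
        # validation path, so the rule is a candidate to proxy it to Zope.
        "path_matches_rewrite": re.search(REWRITE_PATTERN, path) is not None,
    }


# Constructed samples: shape taken from the URL in the post, cookie shortened.
CALLBACK = "https://web01.company.com/cosign/valid?cosign-plone=AbC+dEf&"
GOOD = CALLBACK + "https://web01.company.com/plone"
OFFSITE = CALLBACK + "https://other.example/x.company.com"

if __name__ == "__main__":
    for sample in (GOOD, OFFSITE):
        print(check_callback(sample))
        print(check_callback(sample, STRICT_VALID_REFERENCE)["destination_allowed"])
```

With the posted patterns, the off-site sample passes the CosignValidReference check and the /cosign/valid path matches the same RewriteRule pattern that hands requests to Zope; the stricter pattern rejects the off-site destination while still accepting the Plone URL.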
