Hi Josh, Yes, cryptkey is owned by apache and writable:
drwxr-xr-x 2 apache apache 57 Sep 13 12:49 cryptkey Also the files in cryptkey are writable by apache: -rw-r--r-- 1 apache apache 1 Sep 13 12:49 cryptkeyid -rw------- 1 apache apache 3394 Sep 13 12:49 private.pem Thanks for your help with this, Josh. Sorry to be such a pain. -- Al Quiros Enterprise Systems On 10/12/18, 1:37 PM, "Josh Thompson" <[email protected]> wrote: Hi Al, It sounds like your .ht-inc/cryptkey directory on the web server is not writable. The testsetup.php script should report if it is or not. Manually making this writable is described toward the end of step 2 under "Install and Configure the Web Components" at this URL: https://vcl.apache.org/docs/VCL25InstallGuide.html Josh On Friday, October 12, 2018 7:50:59 AM EDT Evelio Quiros wrote: > Hi All, > > Could there be some missing field in my configuration that is causing this > ? Or could it be a code issue with the shibboleth authentication part ? > It’s really strange that the shib auth throws a SQL error. > > When I try to log in to the new VCL installation, it does take me to my > authentication page, where I enter my credentials. That part works fine. > It’s only when I get redirected back that I get an error message on the > browser, then an email with the message below: The error message doesn’t > seem to include the entire MySQL line, just a piece of it. Is there a piece > of the shibboleth configuration that I am missing ? What are the > “WebSecrectKeys” that the backtrace is mentioning ? Could it be the > shibboleth authentication token ? > > You have an error in your SQL syntax; check the manual that corresponds to > your MariaDB server version for the right syntax to use near ') AS s LEFT > JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id' at > line 1 > SELECT ck.id as cryptkeyid, ck.pubkey as cryptkey, s.id as > secretid, s.cryptsecret AS mycryptsecret FROM cryptkey ck JOIN (SELECT > secretid as id, cryptsecret FROM cryptsecret WHERE cryptkeyid = ) AS s LEFT > JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id) WHERE > ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != > > -- Al Quiros > Enterprise Systems > > > > On 10/11/18, 1:21 PM, "Evelio Quiros" <[email protected]> wrote: > > Hi All, > > I am working on a new VCL 2.5 installation using Shibboleth. > > The test script in the documentation seems to work correctly. > But when I try to log into the new VCL using Shibboleth, I get a > MySQL error: > You have an error in your SQL syntax; check the manual that > corresponds to your MariaDB server version for the right syntax to use near > ') AS s LEFT JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid > = s.id' at line 1 SELECT ck.id as cryptkeyid, ck.pubkey as cryptkey, s.id > as secretid, s.cryptsecret AS mycryptsecret FROM cryptkey ck JOIN (SELECT > secretid as id, cryptsecret FROM cryptsecret WHERE cryptkeyid = ) AS s LEFT > JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id) WHERE > ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != ERROR(101): > General MySQL error > Mode was > > Backtrace: > =-=-=-=-=-=-=-=-=-=-=-= > Call#:1 => index.php:addLoginLog() (line#:187) > Call#:2 => authentication.php:checkMissingWebSecretKeys() > (line#:580) Call#:3 => utils.php:doQuery() (line#:3075) > > Backtrace with Arguments: > =-=-=-=-=-=-=-=-=-=-=-= > Call#:1 => index.php:addLoginLog() (line#:187) > Arguments(4) > > Argument#: 1 => evquir@FIU > Argument#: 2 => shibboleth > Argument#: 3 => 3 > Argument#: 4 => 1 > ----------------------- > Call#:2 => authentication.php:checkMissingWebSecretKeys() > (line#:580) Arguments(none): > ----------------------- > Call#:3 => utils.php:doQuery() (line#:3075) > Arguments(1) > > Argument#: 1 => SELECT ck.id as cryptkeyid, ck.pubkey as > cryptkey, s.id as secretid, s.cryptsecret AS mycryptsecret FROM cryptkey ck > JOIN (SELECT secretid as id, cryptsecret FROM cryptsecret WHERE cryptkeyid > = ) AS s LEFT JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid > = s.id) WHERE ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != > ----------------------- > > Any ideas on what could be causing this issue ? > > Thanks, > -- Al Quiros > Enterprise Systems > > > > > > > > -- ------------------------------- Josh Thompson Systems Programmer Platform Computing | VCL Developer North Carolina State University [email protected] 919-515-5323 my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
