Just FYI, I ran testsetup.php on the installation, and it all came back ok:

PHP version: 5.4.16

Including .ht-inc/conf.php ...

    successfully included .ht-inc/conf.php

Checking COOKIEDOMAIN setting in .ht-inc/conf.php ...

    COOKIEDOMAIN (webvcl01.fiu.edu) appears to be set correctly

Checking that BASEURL in conf.php is set to use https ...

    BASEURL correctly set to use https

Checking that SCRIPT is set appropriately ...

    SCRIPT appears to be set correctly

Checking that other required constants are defined ...

    All required constants are defined in .ht-inc/conf.php

Checking that .ht-inc/maintenance directory exists ...

    .ht-inc/maintenance directory exists

Checking that .ht-inc/maintenance directory is writable ...

    maintenance directory is writable

Checking that .ht-inc/cryptkey directory exists ...

    .ht-inc/cryptkey directory exists

Checking that .ht-inc/cryptkey directory is writable ...

    cryptkey directory is writable

Checking asymmetric encryption key for this web server ...

    Asymmetric key validated

Testing for required php extensions ...

    All required modules are installed

Checking values in .ht-inc/secrets.php ...

    all required values in .ht-inc/secrets.php appear to be set

Testing mysql connection ...

    Successfully connected to mysql on dbvcl01.fiu.edu
    Successfully selected database (vcl) on dbvcl01.fiu.edu

Testing symmetric encryption ...

    Successfully encrypted test string
    Successfully decrypted test string

Testing asymmetric encryption key files ...

    successfully created private key from private key file
    successfully created public key from public key file

Testing asymmetric encryption ...

    successfully encrypted test string
    successfully decrypted test string

Testing for existance of dojo directory ...

    dojo directory exists
    dojo directory is readable

Testing for existance of spyc 0.5.1 and Spyc.php ...

    spyc directory exists
    spyc directory is readable
    .ht-inc/spyc-0.5.1/Spyc.php file exists
    .ht-inc/spyc-0.5.1/Spyc.php is readable

Checking themes for dojo css ...

    themes/default has had dojo css copied to it
    themes/dropdownmenus has had dojo css copied to it

Checking value of PHP display_errors ...

    display_errors: disabled
    NOTE: Displaying errors in a production system is a security risk; however,
    while getting VCL up and running, having them displayed makes debugging
    a little easier. Edit your php.ini file to modify this setting.

Done

-- Al Quiros
Enterprise Systems
 
 

On 10/12/18, 2:21 PM, "Evelio Quiros" <[email protected]> wrote:

    Hi Josh,
    
    Yes, cryptkey is owned by apache and writable:
    
    drwxr-xr-x 2 apache apache     57 Sep 13 12:49 cryptkey
    
    Also the files in cryptkey are writable by apache:
    
    -rw-r--r-- 1 apache apache    1 Sep 13 12:49 cryptkeyid
    -rw------- 1 apache apache 3394 Sep 13 12:49 private.pem
    
    Thanks for your help with this, Josh.
    Sorry to be such a pain.
    
    -- Al Quiros
    Enterprise Systems
     
     
    
    On 10/12/18, 1:37 PM, "Josh Thompson" <[email protected]> wrote:
    
        Hi Al,
        
        It sounds like your .ht-inc/cryptkey directory on the web server is not 
        writable.  The testsetup.php script should report if it is or not.  Manually 
        making this writable is described toward the end of step 2 under "Install and 
        Configure the Web Components" at this URL:
        
        https://vcl.apache.org/docs/VCL25InstallGuide.html
        
        Josh
        
        On Friday, October 12, 2018 7:50:59 AM EDT Evelio Quiros wrote:
        > Hi All,
        > 
        > Could there be some missing field in my configuration that is causing this ?
        > Or could it be a code issue with the shibboleth authentication part ?
        > It’s really strange that the shib auth throws a SQL error.
        > 
        >     When I try to log in to the new VCL installation, it does take me to my
        > authentication page, where I enter my credentials. That part works fine.
        > It’s only when I get redirected back that I get an error message on the
        > browser, then an email with the message below: The error message doesn’t
        > seem to include the entire MySQL line, just a piece of it. Is there a piece
        > of the shibboleth configuration that I am missing ? What are the
        > “WebSecretKeys” that the backtrace is mentioning ? Could it be the
        > shibboleth authentication token ?
        >     
        > You have an error in your SQL syntax; check the manual that corresponds to
        > your MariaDB server version for the right syntax to use near ') AS s LEFT
        > JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id' at
        > line 1
        > 
        >             SELECT ck.id as cryptkeyid, ck.pubkey as cryptkey, s.id as
        > secretid, s.cryptsecret AS mycryptsecret FROM cryptkey ck JOIN (SELECT
        > secretid as id, cryptsecret FROM cryptsecret WHERE cryptkeyid = ) AS s LEFT
        > JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id) WHERE
        > ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != 
        > 
        >     -- Al Quiros
        >     Enterprise Systems
        >      
        >      
        >     
        >     On 10/11/18, 1:21 PM, "Evelio Quiros" <[email protected]> wrote:
        >     
        >         Hi All,
        >         
        >         I am working on a new VCL 2.5 installation using Shibboleth.
        >         
        >         The test script in the documentation seems to work correctly.
        >         But when I try to log into the new VCL using Shibboleth, I get a
        > MySQL error:
        > 
        >             You have an error in your SQL syntax; check the manual that
        > corresponds to your MariaDB server version for the right syntax to use near
        > ') AS s LEFT JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid
        > = s.id' at line 1
        >             SELECT ck.id as cryptkeyid, ck.pubkey as cryptkey, s.id
        > as secretid, s.cryptsecret AS mycryptsecret FROM cryptkey ck JOIN (SELECT
        > secretid as id, cryptsecret FROM cryptsecret WHERE cryptkeyid = ) AS s LEFT
        > JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id) WHERE
        > ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != 
        >             ERROR(101): General MySQL error
        >             Mode was 
        >             
        >             Backtrace:
        >             =-=-=-=-=-=-=-=-=-=-=-=
        >             Call#:1 => index.php:addLoginLog() (line#:187)
        >             Call#:2 => authentication.php:checkMissingWebSecretKeys() (line#:580)
        >             Call#:3 => utils.php:doQuery() (line#:3075)
        >             
        >             Backtrace with Arguments:
        >             =-=-=-=-=-=-=-=-=-=-=-=
        >             Call#:1 => index.php:addLoginLog() (line#:187)
        >             Arguments(4)
        >             
        >             Argument#: 1 => evquir@FIU
        >             Argument#: 2 => shibboleth
        >             Argument#: 3 => 3
        >             Argument#: 4 => 1
        >             -----------------------
        >             Call#:2 => authentication.php:checkMissingWebSecretKeys() (line#:580)
        >             Arguments(none):
        >             -----------------------
        >             Call#:3 => utils.php:doQuery() (line#:3075)
        >             Arguments(1)
        >             
        >             Argument#: 1 => SELECT ck.id as cryptkeyid, ck.pubkey as
        > cryptkey, s.id as secretid, s.cryptsecret AS mycryptsecret FROM cryptkey ck
        > JOIN (SELECT secretid as id, cryptsecret FROM cryptsecret WHERE cryptkeyid
        > = ) AS s LEFT JOIN cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid
        > = s.id) WHERE ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != 
        >             -----------------------
        >             
        >         Any ideas on what could be causing this issue ?
        >         
        >         Thanks,
        >         -- Al Quiros
        >         Enterprise Systems
        >          
        >          
        >         
        >         
        >         
        >     
        >     
        > 
        
        -- 
        -------------------------------
        Josh Thompson
        Systems Programmer
        Platform Computing | VCL Developer
        North Carolina State University
        
        [email protected]
        919-515-5323
        
        my GPG/PGP key can be found at pgp.mit.edu
        
        All electronic mail messages in connection with State business which
        are sent to or received by this account are subject to the NC Public
        Records Law and may be disclosed to third parties.
    
    

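The failing statement in the error e-mail has nothing after `cryptkeyid =` and `ck.id !=`, which is what an empty id interpolated into SQL text looks like. The following is an added example, not VCL code and not part of the thread: it reproduces that syntax error against an in-memory SQLite stand-in for MariaDB and shows a guard that fails with a clear message instead. The table rows, `parse_key_id` and the two `missing_secrets_*` functions are assumptions made for illustration.

```python
import sqlite3

# The statement from the error e-mail; {kid} marks the two places where the
# web server's own cryptkey id was empty in the failing request.
QUERY = (
    "SELECT ck.id AS cryptkeyid, ck.pubkey AS cryptkey, s.id AS secretid, "
    "s.cryptsecret AS mycryptsecret FROM cryptkey ck JOIN (SELECT secretid AS id, "
    "cryptsecret FROM cryptsecret WHERE cryptkeyid = {kid}) AS s LEFT JOIN "
    "cryptsecret cs ON (ck.id = cs.cryptkeyid AND cs.secretid = s.id) "
    "WHERE ck.hosttype = 'web' AND cs.secretid IS NULL AND ck.id != {kid}"
)

def make_db():
    """In-memory stand-in for the vcl database; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cryptkey (id INTEGER, pubkey TEXT, hosttype TEXT);
        CREATE TABLE cryptsecret (cryptkeyid INTEGER, secretid INTEGER, cryptsecret TEXT);
        INSERT INTO cryptkey VALUES (1, 'PUBKEY-1', 'web'), (2, 'PUBKEY-2', 'web');
        INSERT INTO cryptsecret VALUES (1, 10, 'enc-for-1');
    """)
    return db

def parse_key_id(raw):
    """Hypothetical guard: accept only a non-empty decimal id."""
    text = (raw or "").strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("cryptkey id is missing or not numeric: %r" % (raw,))
    return int(text)

def missing_secrets_unchecked(db, key_id):
    """Interpolates the id into the SQL text unchecked (reproduces the logged failure)."""
    return db.execute(QUERY.format(kid=key_id)).fetchall()

def missing_secrets_checked(db, raw_id):
    """Validates the id first, then binds it as a parameter."""
    kid = parse_key_id(raw_id)
    return db.execute(QUERY.format(kid="?"), (kid, kid)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(missing_secrets_checked(db, "1"))
    for fn in (missing_secrets_unchecked, missing_secrets_checked):
        try:
            fn(db, "")
        except (sqlite3.OperationalError, ValueError) as exc:
            print(fn.__name__, "->", type(exc).__name__, exc)
```

With a valid id both functions return the other web server that lacks the secret; with an empty id the unchecked path fails inside the database with a syntax error, while the checked path stops earlier and names the missing value.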