Re: [BioMart Users] openID authentication against https://centralregistry.dcc.icgc.org

Mon, 23 May 2011 09:05:35 -0700 



I have the thing working with two virtual hosts. A first one for http, 
and a later for https.
We decided to redirect all the http flow towards the https virtual host 
( you'll see from the http conf

piece of config I pasted)

   thanks

Alexis


************************************************************************************
HTTP CONF

NameVirtualHost 84.88.51.185:80
<VirtualHost 84.88.51.185:80>

        ServerName dcc.cllgenome.es

##  ProxyPass / http://localhost:9000/
##  ProxyPassReverse / http://locahost:9000/

        ProxyRequests On
        ProxyPreserveHost On

        LogLevel info
        ErrorLog /var/log/apache2/dcc.error_log
        CustomLog /var/log/apache2/dcc.access_log combined

## https
## make it a comment if you have problems
##       Force https
           RewriteEngine On
           RewriteCond %{HTTPS} off
           RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
##

</VirtualHost>
*****************************************************************************
HTTPS CONF

NameVirtualHost 84.88.51.185:443
<VirtualHost 84.88.51.185:443>

        ServerName dcc.cllgenome.es

        ProxyPass / https://localhost:9043/
        ProxyPassReverse / https://locahost:9043/


        ProxyRequests On
        ProxyPreserveHost On

        LogLevel info
        ErrorLog /var/log/apache2/dcc-ssl.error_log
        CustomLog /var/log/apache2/dcc-ssl.access_log combined

        #Redirect permanent / https://dcc.cllgenome.es

        SSLEngine on
        SSLVerifyDepth 10


        SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCACertificatePath /etc/tls/cacert/

        SSLCertificateFile /etc/tls/certs/bscicgc01.bsc.es.pem
        SSLCertificateKeyFile /etc/tls/keys/bscicgc01_nodes.bsc.es.key

        SSLProxyCACertificatePath /etc/tls/cacert/
        SSLProxyEngine on
        #SSLProxyVerify require
        SSLProxyVerify none
        SSLProxyVerifyDepth 10

</VirtualHost>

********************************************************************************


On 05/23/2011 05:45 PM, Junjun Zhang wrote:

Hi Alexis,


Can you please send us the content of the settings of the apache 
virtual host where you redirect incoming requests to the BioMart server?


Thanks,
Junjun


PS: as Brett suggested, please contact us using 
[email protected], not [email protected]



From: Alexis <[email protected] <mailto:[email protected]>>
Date: Mon, 23 May 2011 09:45:49 -0400

To: "[email protected] <mailto:[email protected]>" <[email protected] 
<mailto:[email protected]>>
Subject: Re: [BioMart Users] openID authentication against 
https://centralregistry.dcc.icgc.org




    Hi Brett, Junjun

    I've test what you advice me. No changes in the error message, the
    same "Server error: null". And trying
    to find out where that change https to http happens. Only a java
    error found (added at the end of my mail).
    Would you recommend to enable some debug flag in biomart?

    The other factor I think can make things go wrong is a rewrite
    http to https I keep in my apache virtual host
    config file. But puzzles me because what you tell me is about a
    https to http change.

               regards.

       Alexis.

    By the way I put also some biomart.properties variables :

    locale.name = en
    location.code = 005
    locale.plurals = true
    ##################################################
    # HTTP SETTINGS
    ##################################################
    http.host = 0.0.0.0
    #http.host = localhost
    http.port = 9000
    # Only if public URL different from host+port above
    http.url = http://dcc.cllgenome.es/

    ##################################################
    # HTTPS SETTINGS
    ##################################################
    https.port = 9043

    # Only if public URL different from host+port above
    https.url = https://dcc.cllgenome.es

    ssl.keystore = etc/keystore
    #ssl.password = OBF:19iy19j019j219j419j619j8
    ssl.password = XXXXXXXX

    #ssl.truststore = etc/keystore
    #ssl.trustpassword = OBF:19iy19j019j219j419j619j8

    # Set to false if x509 certificate verification is required
    x509.trustall = true


    THE JAVA EXCEPTION :

    2011-05-23 15:20:29,391 ERROR
    [881581266@qtp-1986936160-6:Log.java:208]: Request to Central
    Registry threw an IOException: centr
    java.lang.NullPointerException
            at
    org.biomart.api.lite.MartRegistry.getGroupName(MartRegistry.java:186)
            at
    org.biomart.api.rest.UserResource.verify(UserResource.java:229)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at
    
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at
    
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at
    
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(
            at
    
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.j
            at
    
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:279)
    ...
        at
    
org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:680)
            at
    
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)



    On 05/20/2011 08:18 PM, Brett Whitty wrote:

    *Hi Alexis,*
    *
    *
    When I try to use openID to log into your site I get a popup in
    my browser that warns about the traffic being switched from HTTPS
    to HTTP, which leads me to believe there is a problem with the
    http.url and https.url settings in your biomart.properties file.
    You should set these to the real external URLs of your site if
    they aren't already set to that. You also should set your
    http.host to '0.0.0.0'.

    When I try to login with yahoo instead of openid, I get
    redirected to the following URL on successful login:
    *http://localhost:9000/*
    *which is what the default settings would be if they weren't
    changed.*
    *
    *
    Please send future email support requests to
    [email protected] and not to Junjun or myself
    directly, as it is easier for us to co-ordinate this way.

    Regards,
    *
    *
    *Brett*

    From: Alexis <[email protected] <mailto:[email protected]>>
    Date: Fri, 20 May 2011 11:07:38 -0400
    To: jzhang <[email protected] <mailto:[email protected]>>
    Subject: openID authentication against
    https://centralregistry.dcc.icgc.org


        Hi Junjun

        After some issues I think our server at BSC could be tested from
        your site. There is only a matter about openID. I put the
        "location" Brett
        told us to use for openID authentication (
        https://centralregistry.dcc.icgc.org ). I receive after
        signing in an error message such as : "Server error: null" in
        a yellow box just at my dcc portal. When I use an empty
        "location" it works well. There is some detail I'm missing, I
        suppose. Do you know where it could come from?

        By the way... https and many other details worked shoulder to
        shoulder
        with Jorge are fine (dcc from bsc do not complaints about the
        "binary" problem is annoying Jorge). If you consider it's the
        right time to add dcc.cllgenome.es to your test pipelines, go
        ahead, you are welcome.

           regards.

        Alexis.








        WARNING / LEGAL TEXT: This message is intended only for the
        use of the individual or entity to which it is addressed and
        may contain information which is privileged, confidential,
        proprietary, or exempt from disclosure under applicable law.
        If you are not the intended recipient or the person
        responsible for delivering the message to the intended
        recipient, you are strictly prohibited from disclosing,
        distributing, copying, or in any way using this message. If
        you have received this communication in error, please notify
        the sender and destroy and delete any copies you may have
        received.

        http://www.bsc.es/disclaimer.htm





    WARNING / LEGAL TEXT: This message is intended only for the use of
    the individual or entity to which it is addressed and may contain
    information which is privileged, confidential, proprietary, or
    exempt from disclosure under applicable law. If you are not the
    intended recipient or the person responsible for delivering the
    message to the intended recipient, you are strictly prohibited
    from disclosing, distributing, copying, or in any way using this
    message. If you have received this communication in error, please
    notify the sender and destroy and delete any copies you may have
    received.

    http://www.bsc.es/disclaimer.htm






WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer.htm
_______________________________________________
Users mailing list
[email protected]
https://lists.biomart.org/mailman/listinfo/users






















					Reply via email to