Hi.
I'm trying to get CAS authentication working on SOGo for quite long now,
and I still can't get it working. I previously had a problem with my CAS
server but it's now fixed. This CAS server (I'm using LemonLDAP::NG as
CAS server) is used successfully with other services.
Here are the details:
- I've configured 3 workers in /etc/sysconfig/sogo (running on CentOS)
- I've modified the .GNUstepDefaults file to include
SOGoAuthenticationType = cas;
SOGoCASServiceURL ="https://auth.domain.tld/cas";;
- When I try to reach SOGo, I'm redirected on my CAS login page
- After authentication, I'm redirected back to SOGo with my ticket
(https://sogo.domain.tld/SOGo/so/?ticket=ST-1355511f48ade63cc81a2839c211fbae
for example)
- SOGo correctly checks the ticket and ask for its PGT (URL reaching my
CAS server
is
/cas/serviceValidate?ticket=ST-1355511f48ade63cc81a2839c211fbae&service=https%3A%2F%2Fsogo.domain.tld%2FSOGo%2Fso%2F&pgtUrl=https%3A%2F%2Fsogo.domain.tld%2FSOGo%2FcasProxy
- my CAS server validate the service, and call the pgtUrl successfully
(https://sogo.domain.tld/SOGo/casProxy?pgtIou=PGTIOU-ca228410631b576aa96c94506cc6c289&pgtId=PGT-85a4b5c0600045d28ef0bb3994b62b7f)
- This request is handled by the cas-proxy-validate.py script, and the
PGT is stored in memcached (checked with memcached-tool localhost dump)
- Up to now, everything is normal, but then, one sogo worker takes 100%
CPU, and my browser stays here loading the page, until it displays a
proxy error (timeout)
In SOGo logs, all I have is this:
2011-12-21 12:48:59.018 sogod[15834] Note: Using UTF-8 as URL encoding
in NGExtensions.
Dec 21 12:48:59 sogod [15834]: |SOGo| starting method 'GET' on uri
'/SOGo/'
Dec 21 12:48:59 sogod [15834]: <0x0x9a5d814[SOGoCache]> Cache cleanup
interval set every 300.000000 seconds
Dec 21 12:48:59 sogod [15834]: <0x0x9a5d814[SOGoCache]> Using host(s)
'localhost' as server(s)
Dec 21 12:48:59 sogod [15834]: |SOGo| traverse(acquire): SOGo
Dec 21 12:48:59 sogod [15834]: |SOGo| do traverse name: 'SOGo'
2011-12-21 12:48:59.018 sogod[15834] Note(SoObject): SoDebugKeyLookup is
enabled!
2011-12-21 12:48:59.018 sogod[15834] Note(SoObject): SoDebugBaseURL is
enabled!
2011-12-21 12:48:59.018 sogod[15834] Note(SoObject): relative base URLs
are enabled.
Dec 21 12:48:59 sogod [15834]: |SOGo| set clientObject:
<SOGo[0x0x9a96e14]: name=SOGo>
Dec 21 12:48:59 sogod [15834]: <0x0x99fe7cc[LDAPSource]> WARNING: using
old bindFields format - please update it
2011-12-21 12:48:59.024 sogod[15834] WOCompoundElement: pool embedding
is on.
2011-12-21 12:48:59.024 sogod[15834] WOCompoundElement: id logging is
on.
Dec 21 12:48:59 sogod [15834]: |SOGo| request took 0.005999 seconds to
execute
localhost - - [21/Dec/2011:12:48:59 GMT] "GET /SOGo/ HTTP/1.1" 302 0/0
0.006 - - 2M
Dec 21 12:48:59 sogod [15834]: |SOGo| starting method 'GET' on uri
'/SOGo/so/?ticket=ST-1355511f48ade63cc81a2839c211fbae'
Dec 21 12:48:59 sogod [15834]: |SOGo| traverse(acquire):
Dec 21 12:48:59 sogod [15834]: |SOGo| set clientObject:
<SOGo[0x0x9a96e14]: name=SOGo>
Dec 21 12:49:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 1 minutes
Dec 21 12:50:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 2 minutes
Dec 21 12:51:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 3 minutes
Dec 21 12:52:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 4 minutes
Dec 21 12:53:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 5 minutes
Dec 21 12:54:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 6 minutes
Dec 21 12:56:00 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 7 minutes
Dec 21 12:56:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 8 minutes
Dec 21 12:57:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]> pid
15834 has been hanging in the same request for 9 minutes
Dec 21 12:58:59 sogod [15831]: [WARN] <0x0x9b73214[WOWatchDogChild]>
safety belt -- sending KILL signal to pid 15834
Dec 21 12:58:59 sogod [15831]: <0x0x9b73214[WOWatchDogChild]> child
15834 exited
Dec 21 12:58:59 sogod [15831]: <0x0x9b73214[WOWatchDogChild]>
(terminated due to signal 9)
Dec 21 12:58:59 sogod [15831]: <0x0x9b31c7c[WOWatchDog]> child spawned
with pid 16869
Now, to debug further, I think I need to run sogod in gdb, but I don't
know exactly how should I run it.
Especially, CAS auth needs at least 2 workers to work, but I think
running sogod in gdb is possible only with 1 worker.
Can somebody give me some hints about how should I use gdb to get more
informations on this ? (once I have all the relevant informations, I'll
be able to open a bug).
Regards, Daniel
--
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Web : http://www.firewall-services.com
--
[email protected]
https://inverse.ca/sogo/lists
