Closed zoltancsoka closed 6 years ago
Greetings,
I have downloaded the latest version and enabled diagnostics. Now I see in the logfile:
[APLOG_DEBUG auth_mellon_handler.c:278] loaded IdP "https://sts.windows.net/anonymised/" from "/etc/httpd/mellon/idp.xml".
[APLOG_DEBUG auth_mellon_handler.c:3576] Redirecting to login URL: https://santized.domain.local/mellon/login?ReturnTo=https%3A%2F%2Fsanitized.domain.local%2Fauth1%2Findex.html&IdP=https%3A%2F%2Fsts.windows.net%2anonymized
enter function am_check_uid
am_check_uid no session, return HTTP_UNAUTHORIZED
Although the log says that it is redirecting, the browser does not get any redirect requests; instead it gets a 401. If I take the login URL from the logfile and paste it into the browser, the login works fine and I get authenticated.
Could you please help me to find out why the redirect is not taking place?
Hi,
I don't have a direct answer for you; once it has logged the message about the redirect, all it should be doing is to actually redirect. No further authentication or authorization should be attempted.
One thing that is somewhat strange in your code is this block:
Require valid-user
AuthType "Mellon"
MellonEnable "info"
Here you are mixing MellonEnable "info", which does not trigger authentication, with Require valid-user, which causes Apache to reject unauthenticated requests. I don't see how it should create the exact error you are describing, but I suggest trying to remove require valid-user in that location.
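The combination pointed out in this reply can be checked for mechanically. The following Python script is an added example, not part of the thread or of mod_auth_mellon: it flags every section that sets both MellonEnable "info" and Require valid-user. The function name and the sample configuration are constructed, and it assumes that only directives written directly inside one section matter (Apache's merging across sections is not modelled).

```python
import re

# Matches section openers such as <VirtualHost *:443> or <Location /auth1>.
SECTION_OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
SECTION_CLOSE = re.compile(r"</\s*\w+\s*>$")

# Constructed sample modelled on the configuration discussed in this thread.
SAMPLE = """\
<VirtualHost *:443>
    ServerName my.server.local
    <Location />
        Require valid-user
        AuthType "Mellon"
        MellonEnable "info"
        MellonEndpointPath "/mellon/"
    </Location>
    <Location /auth1>
        Require valid-user
        AuthType "Mellon"
        MellonEnable "auth"
    </Location>
</VirtualHost>
"""

def find_info_with_require(config_text):
    """Return (section, line number of Require) for each section that sets both
    MellonEnable "info" and Require valid-user directly in the same scope."""
    stack = [{"name": "<global>", "enable": None, "require": None}]
    findings = []

    def close(scope):
        if scope["enable"] == "info" and scope["require"] is not None:
            findings.append((scope["name"], scope["require"]))

    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if SECTION_CLOSE.match(line):
            if len(stack) > 1:          # never pop the global scope
                close(stack.pop())
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            name = "<%s>" % " ".join(filter(None, opened.groups()))
            stack.append({"name": name, "enable": None, "require": None})
            continue
        # Directive names are case-insensitive; quotes around values are optional.
        words = line.replace('"', " ").lower().split()
        if len(words) > 1 and words[0] == "mellonenable":
            stack[-1]["enable"] = words[1]
        elif words == ["require", "valid-user"]:
            stack[-1]["require"] = line_no
    while stack:                        # also report unclosed and global scopes
        close(stack.pop())
    return findings
```

On the constructed sample, only the `<Location />` section is reported; the `/auth1` section uses MellonEnable "auth" and is left alone.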
Hi,
Many thanks for your reply. The issue was not in your module, but in our server configuration. An admin has put in a configuration which for whatever reason blocked the redirect. I have tried it with a new installation and the redirect worked fine, the authentication was successful.
Sorry for the inconvenience caused,
Kind Regards,
Zoltan
I have configured IDP and SP and I can perform a login manually by calling /mellon/login?ReturnTo=/auth1/index.html. Following a successful authentication the content is served. I can also call the logout function manually; it logs me out and also returns to the ReturnTo address. The issue is that if I just browse to the protected URL, Apache sends me back a 401 instead of redirecting me to the IDP. I have tried different versions of the module and also many different kinds of configs from different sources, but I always had the same behavior. Please find my anonymized config below:
<VirtualHost *:443>
ServerName my.server.local
DocumentRoot /var/www/wiki/
SSLEngine On
SSLCertificateFile /etc/httpd/conf/my-server.pem
SSLCertificateKeyFile /etc/httpd/conf/my-server.pem
Require valid-user
AuthType "Mellon"
MellonEnable "info"
MellonSPentityId "https://my.server.local/mellon/metadata"
MellonSPPrivateKeyFile /etc/httpd/mellon/sp.key
MellonSPCertFile /etc/httpd/mellon/sp.crt
MellonSPMetadataFile /etc/httpd/mellon/sp.xml
MellonIdPMetadataFile /etc/httpd/mellon/idp.xml
MellonEndpointPath "/mellon/"
<Location /auth1>
This location will trigger an authentication request to the IdP.
Do you have an idea what I am doing wrong? Or does it have anything to do with the virtualhost? Error logs do not have any information and unfortunately the module does not work with diagnostics enabled.