search

h2020-westlife-eu / wp6-repository

https://h2020-westlife-eu.github.io/wp6-repository/
MIT License
0 stars 0 forks source link

Login via West-Life SSO fails on HTTP 400 Bad Request #42

Open TomasKulhanek opened 6 years ago

TomasKulhanek commented 6 years ago

Installed Repository on cernvm4. Login via West-Life SSO fails on HTTP 400 Bad Request. Checked version of lasso (2.4.1), mod_auth_mellon (0.9.1) Installed manually lasso (2.5.1), mod_auth_mellon (0.11.0) and dependencies by

rpm -i http://mirror.centos.org/centos/7/os/x86_64/Packages/xmlsec1-1.2.20-5.el7.x86_64.rpm
rpm -i http://mirror.centos.org/centos/7/os/x86_64/Packages/xmlsec1-openssl-1.2.20-5.el7.x86_64.rpm
rpm -i http://mirror.centos.org/centos/7/os/x86_64/Packages/lasso-2.5.1-2.el7.x86_64.rpm
rpm -i http://mirror.centos.org/centos/7/os/x86_64/Packages/mod_auth_mellon-0.11.0-4.el7.x86_64.rpm

After that still HTTP 400 is returned. /var/log/httpd/error_log contains:

[Fri Apr 13 09:12:23.615948 2018] [:error] [pid 9398] [client 10.0.2.2:59712] Error processing authn response. Lasso error: [440] The profile cannot verify a signature on the message

The same configuration works if installed on pure Scientific Linux 7.4 (where lasso 2.5.1 and mod_auth_mellon 0.11.0 is already in distribution repository), login via West-Life SSO works.

TomasKulhanek commented 6 years ago

Reproduced on most updated CernVM Linux version 4.14.18-9.cernvm.x86_64 (jakob@meerkat) (gcc version 7.3.0 (GCC)) #1 SMP Thu Feb 8 13:54:00 CET 2018

Reproduced on SL 7.x with this kernel version Linux version 3.10.0-693.5.2.el7.x86_64 (mockbuild@sl7-uefisign.fnal.gov) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Thu Oct 19 10:13:14 CDT 2017

Not reproduced working on Centos 7.x Linux version 3.10.0-693.21.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Wed Mar 7 19:03:37 UTC 2018

Not reproduced on another version SL 7.4 Linux version 3.10.0-693.17.1.el7.x86_64 (mockbuild@sl7-uefisign.fnal.gov) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Thu Jan 25 04:11:40 CST 2018

TomasKulhanek commented 6 years ago

To reproduce git clone https://github.com/h2020-westlife-eu/wp6-vm cd wp6-vm/rep-standalone-src edit bootstrap.sh, uncomment and add URL of secrets for West-Life and ARIA SSO, (on request) #wget -O secrets.zip https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx #unzip secrets.zip save and launch vagrant up

TomasKulhanek commented 6 years ago

Reproduced on CernVM4 (SL 7.5) Linux version 4.14.18-9.cernvm.x86_64 (jakob@meerkat) (gcc version 7.3.0 (GCC)) #1 SMP Thu Feb 8 13:54:00 CET 2018

[root@wl-virtualfolder mellon]# yum info mod_auth_mellon
Installed Packages
Name        : mod_auth_mellon
Arch        : x86_64
Version     : 0.13.1
[root@wl-virtualfolder mellon]# yum info lasso
Installed Packages
Name        : lasso
Arch        : x86_64
Version     : 2.5.1
Release     : 2.el7

[root@wl-virtualfolder mellon]# yum info xmlsec1
Installed Packages
Name        : xmlsec1
Arch        : x86_64
Version     : 1.2.20
Release     : 7.el7_4
[root@wl-virtualfolder mellon]# yum info xmlsec1-openssl
Installed Packages
Name        : xmlsec1-openssl
Arch        : x86_64
Version     : 1.2.20
Release     : 7.el7_4

[root@wl-virtualfolder httpd]# tail error_log
[Tue Jun 26 10:04:59.623253 2018] [auth_mellon:error] [pid 30554] [client 148.79.95.226:51507] Error processing authn response. Lasso error: [440] The profile cannot verify a signature on the message