View Issue Details

ID: 0001135
Project: SOGo
Category: SOPE
View Status: public
Last Update: 2011-02-17 21:10
Reporter: oroux
Assigned To: ludovic
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 1.3.5
Target Version: 1.3.6
Fixed in Version: 1.3.6
Summary: 0001135: Wrong service sent by sogo with CAS auth_pam cas
Description

If you use an IMAP server with SSL, the connection to the IMAP server for CAS authentication is changed to IMAP with no SSL.

The config:
<key>SOGoIMAPServer</key>
<string>imaps://imap.aaa.fr</string>

The log on the CAS server:
2011-02-11 15:09:37,126 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-244572-yNpKd0ZXH1XSP7qdgTBWcWsDmb1xO5Lmbpj-20] for service
[imap://imap.aaa.fr] for user [https://srv-webSOGO1.aaa.fr/SOGo/casProxy]>

Note the name of the service: imap://imap.aaa.fr instead of imaps://imap.aaa.fr

So on the IMAP server, the ticket is not OK because the service is different.

d
DEBUG: auth_pam: pam_authenticate failed: authentication error Feb 11
15:26:31 imaps PAM_cas[89736]: authentication failure ^M ^M
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>^M
<cas:authenticationFailure code='INVALID_SERVICE'>^M le ticket
'ST-244572-yNpKd0ZXH1XSP7qdgTBWcWsDmb1xO5Lmbpj-20' ne correspond pas
au service
demandé^M</cas:authenticationFailure>^M</cas:serviceResponse>

Authentication error because SOGo has validated the ticket with the CAS server with the service imap://imap.aaa.fr instead of imaps://imap.aaa.fr

I suppose that the problem is when SOGo sends the requests for the service on the CAS server (Granted service ticket).

Tags: No tags attached.

Activities

ludovic

2011-02-15 20:18

administrator   ~0002108

Can you paste the entries from your sogo.log file when that happens?

oroux

2011-02-16 10:23

reporter   ~0002120

Feb 16 11:14:48 sogod [9419]: |SOGo| request took 7.374983 seconds to execute
localhost - - [16/Feb/2011:11:14:48 GMT] "GET /SOGo/so/aaaa/Mail/view HTTP/1.1" 200 8790/0 7.378 29782 70% 8K
Feb 16 11:14:48 sogod [9419]: |SOGo| starting method 'POST' on uri '/SOGo/so/aaaa/Calendar/alarmslist?browserTime=1297851285'
Feb 16 11:14:48 sogod [9419]: |SOGo| lookup name: aaaa
Feb 16 11:14:48 sogod [9419]: |SOGo| did not find key 'aaaa' in SoClass: <0x0x9f072d0[SoObjCClass]: super=0x0x9f05d30 objc=SOGo slots=GET,toolbar,casProxy,view,index,changePassword,connect>
Feb 16 11:14:48 sogod [9419]: |SOGo| looked up value: (nil)
Feb 16 11:14:48 sogod [9419]: |SOGo| lookup in root object: (nil)
Feb 16 11:14:48 sogod [9419]: |SOGo| GOT: (nil)
Feb 16 11:14:48 sogod [9419]: <<0x0xa193978[GCSFolder]>>D released channel: <MySQL4Channel[0x0xa20cf38] connection=0x0xa20d2e0>
Feb 16 11:14:48 sogod [9419]: |SOGo| request took 0.006204 seconds to execute
localhost - - [16/Feb/2011:11:14:48 GMT] "POST /SOGo/so/aaaa/Calendar/alarmslist?browserTime=1297851285 HTTP/1.1" 200 2/0 0.008 - - 0
Feb 16 11:14:48 sogod [9419]: |SOGo| starting method 'POST' on uri '/SOGo/so/aaaa/Mail/0/mailboxes'
Feb 16 11:14:48 sogod [9419]: |SOGo| lookup name: aaaa
Feb 16 11:14:48 sogod [9419]: |SOGo| did not find key 'aaaa' in SoClass: <0x0x9f072d0[SoObjCClass]: super=0x0x9f05d30 objc=SOGo slots=GET,toolbar,casProxy,view,index,changePassword,connect>
Feb 16 11:14:48 sogod [9419]: |SOGo| looked up value: (nil)
Feb 16 11:14:48 sogod [9419]: |SOGo| lookup in root object: (nil)
Feb 16 11:14:48 sogod [9419]: |SOGo| GOT: (nil)
Feb 16 11:14:52 sogod [9419]: [ERROR] <0x0xa322790[NGImap4ConnectionManager]> IMAP4 login failed:
host=epok.ece.fr, user=aaaa, pwd=yes
url=imaps://aaaa@epok.ece.fr/
base=(nil)
base-class=(nil))
= <0x0xa2f4d18[NGImap4Client]: login=aaaa(pwd) socket=<NGActiveSSLSocket[0x0x9f0ef08]: mode=rw address=<0x0x9e48250[NGInternetSocketAddress]: host=srv-websogo1.ece.fr port=47476> connectedTo=<0x0xa2f4f38[NGInternetSocketAddress]: host=epok.ece.fr port=993>>>
Feb 16 11:14:52 sogod [9419]: <0x0A2F9C78[SOGoMailAccount]:0> renewing imap4 password
Feb 16 11:14:55 sogod [9419]: [ERROR] <0x0xa322790[NGImap4ConnectionManager]> IMAP4 login failed:
host=epok.ece.fr, user=aaaa, pwd=yes
url=imaps://aaaa@epok.ece.fr/
base=(nil)
base-class=(nil))
= <0x0xa3185c8[NGImap4Client]: login=aaaa(pwd) socket=<NGActiveSSLSocket[0x0xa314ab8]: mode=rw address=<0x0xa2b6208[NGInternetSocketAddress]: host=srv-websogo1.ece.fr port=47478> connectedTo=<0x0xa29f5b0[NGInternetSocketAddress]: host=epok.ece.fr port=993>>>
Feb 16 11:14:55 sogod [9419]: [ERROR] <0x0A2F9C78[SOGoMailAccount]:0> Could not connect IMAP4
Feb 16 11:14:55 sogod [9419]: |SOGo| request took 7.104423 seconds to execute
localhost - - [16/Feb/2011:11:14:55 GMT] "POST /SOGo/so/aaaa/Mail/0/mailboxes HTTP/1.1" 200 17/0 7.106 - - 0
Feb 16 11:14:55 sogod [9419]: |SOGo| starting method 'POST' on uri '/SOGo/so/aaaa/Mail/foldersState'
Feb 16 11:14:55 sogod [9419]: |SOGo| lookup name: aaaa
Feb 16 11:14:55 sogod [9419]: |SOGo| did not find key 'aaaa' in SoClass: <0x0x9f072d0[SoObjCClass]: super=0x0x9f05d30 objc=SOGo slots=GET,toolbar,casProxy,view,index,changePassword,connect>
Feb 16 11:14:55 sogod [9419]: |SOGo| looked up value: (nil)
Feb 16 11:14:55 sogod [9419]: |SOGo| lookup in root object: (nil)
Feb 16 11:14:55 sogod [9419]: |SOGo| GOT: (nil)
Feb 16 11:14:55 sogod [9419]: |SOGo| request took 0.003717 seconds to execute
localhost - - [16/Feb/2011:11:14:55 GMT] "POST /SOGo/so/aaaa/Mail/foldersState HTTP/1.1" 200 0/0 0.005 - - 0

On the IMAP server:
Feb 16 11:17:11 epok PAM_cas[80986]: authentication failure ^M ^M <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>^M <cas:authenticationFailure code='INVALID_TICKET'>^M le ticket 'ST-311604-C2cIdgeeQCK7B4SaCczpdVwFlydxO6kJij5-20' est inconnu^M </cas:authenticationFailure>^M </cas:serviceResponse>
Feb 16 11:17:11 epok PAM_cas[80986]: for requestGET https://webauth.ece.fr/cas/proxyValidate?ticket=ST-311604-C2cIdgeeQCK7B4SaCczpdVwFlydxO6kJij5-20&service=imaps://epok.ece.fr HTTP/1.0 Host: webauth.ece.fr
Feb 16 11:17:11 epok saslauthd[80986]: DEBUG: auth_pam: pam_authenticate failed: authentication error

on the cas server
-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-14 11:40:55,905 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-279897-IXDUUnAPkhmyb0VbfJOam3IaikZiy9FpgcB-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-14 11:41:00,020 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-279900-NKcXHH4xtJEtSBRcwBsVkSXw3gLtdI2qJp1-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-16 11:14:00,616 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-311991-0RC5nJRdZv2tAt604Zh3m0pEAlV1kNsrlVu-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-16 11:14:04,234 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-311992-H5IDydrLkwbMqISa0nbjIcnzIdhZ0hqCMfn-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-16 11:14:11,720 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-311993-6BpUKHHeYDTtykwfxa5WKXbTrac7RVmhLl4-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-16 11:14:38,087 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-312004-MyV0QCruRRGZbjDb7BxH6UAIcXsVTBVxXmL-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-16 11:14:41,704 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-312005-Jrvh4iVVA3UN4ByjLrSCajCFPyVinpTK50c-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]
2011-02-16 11:14:49,444 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-312014-ryyH9oRCP5ib39TzapwCaZqeJNdrgdiuGED-20] for service [imap://epok.ece.fr] for user [https://srv-webSOGO1.ece.fr/SOGo/casProxy]

the config sogo
<key>SOGoAuthenticationType</key>
<string>cas</string>
<key>SOGoCASServiceURL</key>
<string>https://webauth.ece.fr/cas</string>
<key>SOGoIMAPServer</key>
<string>imaps://epok.ece.fr</string>
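
A CAS server binds each service ticket to the exact service string it was granted for, which is why a ticket granted for imap:// fails validation when pam_cas presents imaps://. As an added example (not part of the original report and not SOGo code), the script below correlates the two log formats quoted above and flags such mismatches; the host names, ticket ids and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines, modelled on the two log formats quoted in this issue.
CAS_LOG = [
    "2011-02-16 11:14:00,616 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    "Granted service ticket [ST-1-EXAMPLE] for service [imap://imap.example.org] "
    "for user [https://sogo.example.org/SOGo/casProxy]",
    "2011-02-16 11:14:04,234 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    "Granted service ticket [ST-3-EXAMPLE] for service [imaps://imap.example.org] "
    "for user [https://sogo.example.org/SOGo/casProxy]",
]
_REQ = ("Feb 16 11:17:11 imap PAM_cas[1]: for requestGET https://cas.example.org"
        "/cas/proxyValidate?ticket=%s&service=imaps://imap.example.org HTTP/1.0")
PAM_LOG = [_REQ % t for t in ("ST-1-EXAMPLE", "ST-2-EXAMPLE", "ST-3-EXAMPLE")]

GRANT_RE = re.compile(r"Granted service ticket \[(ST-[^\]]+)\] for service \[([^\]]+)\]")
# "&amp;" is tolerated because pasted logs are sometimes HTML-escaped.
VALIDATE_RE = re.compile(r"proxyValidate\?ticket=(ST-[^&\s]+)&(?:amp;)?service=(\S+)")


def granted_services(cas_lines):
    """Map ticket id -> service string the CAS server bound the ticket to."""
    return {m.group(1): m.group(2) for line in cas_lines if (m := GRANT_RE.search(line))}


def find_mismatches(cas_lines, pam_lines):
    """Return (ticket, kind, granted, validated) for each validation request
    whose service string does not match what the CAS log shows as granted."""
    issued = granted_services(cas_lines)
    findings = []
    for line in pam_lines:
        m = VALIDATE_RE.search(line)
        if not m:
            continue
        ticket, asked = m.group(1), unquote(m.group(2))
        got = issued.get(ticket)
        if got is None:
            # Ticket absent from the CAS log excerpt (compare INVALID_TICKET).
            findings.append((ticket, "not-in-cas-log", None, asked))
        elif got != asked:
            # Same host and path but different scheme is the imap/imaps case.
            g, a = urlsplit(got), urlsplit(asked)
            same_target = (g.netloc.lower(), g.path) == (a.netloc.lower(), a.path)
            findings.append((ticket, "scheme-only" if same_target else "other", got, asked))
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(CAS_LOG, PAM_LOG):
        print(finding)
```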

ludovic

2011-02-17 21:10

administrator   ~0002127

Fixed:

http://mtn.inverse.ca/revision/diff/66896b19ddd5c88878bd3dc798a5ac3efee18a48/with/392bdd6ba9c324042c23ae3d8e26d2d328da895f

Issue History

Date Modified Username Field Change
2011-02-14 09:35 oroux New Issue
2011-02-15 18:50 ludovic Target Version => 1.3.6
2011-02-15 18:50 ludovic Description Updated
2011-02-15 18:50 ludovic Additional Information Updated
2011-02-15 20:18 ludovic Note Added: 0002108
2011-02-16 10:23 oroux Note Added: 0002120
2011-02-17 21:10 ludovic Note Added: 0002127
2011-02-17 21:10 ludovic Status new => resolved
2011-02-17 21:10 ludovic Fixed in Version => 1.3.6
2011-02-17 21:10 ludovic Resolution open => fixed
2011-02-17 21:10 ludovic Assigned To => ludovic