SSO permission denied

Issue #662 on hold
Mathijs de Ruiter created an issue

I'm getting the 'permission denied' error for SSO authentication. Below I'll show my logfiles and config files. Also note that I added the DNS name (piler.mydomain.nl) to the intranet zone in IE, as well as the network.negotiate-auth.trusted-uris config in Firefox. Note too that LDAP authentication is working..

site-config.php:

$config['ENABLE_SSO_LOGIN'] = 1;

$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_HOST'] = 'skdc02.domain.local';
$config['LDAP_BASE_DN'] = 'DC=domain,DC=local';
$config['LDAP_HELPER_DN'] = 'CN=LDAP_SA,OU=Service Accounts,OU=Accounts,DC=domain,DC=local';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxxxxxxxx';
$config['LDAP_MAIL_ATTR'] = 'mail';

Logs after login attempt with permission denied result:

==> ./access.log <==

==> ./error.log <==

==> ./other_vhosts_access.log <==

==> ./piler.yourdomain.com-access_log <==
172.16.6.214 - - [04/Mar/2016:10:18:38 +0100] "GET / HTTP/1.1" 302 415
172.16.6.214 - - [04/Mar/2016:10:18:38 +0100] "GET /sso.php HTTP/1.1" 200 378
172.16.6.214 - - [04/Mar/2016:10:19:46 +0100] "GET /sso.php HTTP/1.1" 200 379
172.16.6.214 - - [04/Mar/2016:10:20:07 +0100] "GET / HTTP/1.1" 302 415
172.16.6.214 - - [04/Mar/2016:10:20:07 +0100] "GET /sso.php HTTP/1.1" 200 378

==> ./piler.yourdomain.com-error_log <==
[Fri Mar 04 10:19:46.697491 2016] [:error] [pid 7202] [client 172.16.6.214:55841] PHP Notice:  A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Fri Mar 04 10:19:46.697933 2016] [:error] [pid 7202] [client 172.16.6.214:55841] PHP Notice:  A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Fri Mar 04 10:20:07.570578 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of Require all granted: granted
[Fri Mar 04 10:20:07.570599 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of <RequireAny>: granted
[Fri Mar 04 10:20:07.570624 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of Require all granted: granted
[Fri Mar 04 10:20:07.570629 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of <RequireAny>: granted
[Fri Mar 04 10:20:07.577718 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of Require all granted: granted
[Fri Mar 04 10:20:07.577725 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of <RequireAny>: granted
[Fri Mar 04 10:20:07.577839 2016] [:error] [pid 7194] [client 172.16.6.214:55857] PHP Notice:  A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Fri Mar 04 10:20:07.578087 2016] [:error] [pid 7194] [client 172.16.6.214:55857] PHP Notice:  A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30

Comments (5)

  1. Mathijs de Ruiter reporter

    Hi Janos, currently I'm busy with other projects. I think when I've some time to spend on Piler I'll opt for the installation service. However I would like it to be via Teamviewer so I can see what it takes to install Piler.

  2. Log in to comment