Perl 6 - the future is here, just unevenly distributed

IRC log for #shibboleth, 2014-04-16

| Channels | #shibboleth index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:47 ilbot3 joined ##shibboleth
09:30 gain joined ##shibboleth
14:31 someguy joined ##shibboleth
14:33 someguy Hi all. I've got an issue where apache does not seem to be handing off /Shibboleth.sso urls to the shib module. I've been looking over my shibboleth.xml config file, and don't see any issues. We recently deployed a new web farm, so I've been comparing what we now have versus what we used to use, and I don't see the problem.
14:33 someguy Is there a way I can increase logging for the apache module to see why it isn't being called?
14:39 pdurbin someguy: what changed? it's a farm now?
14:46 someguy we redeployed the same version of ubuntu, apache, php and php modules. But we changed the way we deployed them. Was an NFS fileshare, did some cleanup and now managed with saltstack
14:46 someguy But yes, it is a farm of machines. We have multiple apache servers behind a varnish balancer/cache
14:47 someguy varnish being part of the setup is not new
14:47 someguy we have a shibboleth.xml file with <EndpointBase>http://SITENAME/Shibboleth.sso</EndpointBase> and <EndpointBase>https://SITENAME/Shibboleth.sso</EndpointBase>
14:48 someguy for each of our virtual hosts
14:49 pdurbin the config files are the same as before, more or less?
14:50 someguy I *think* so
14:50 someguy I've poured over shibboleth.xml and it is the same
14:51 someguy I've move the save location of our sso-metadata-signed.xml to /var/run/shibboleth, since it used to be saved in /etc/ requiring us to have world write permissions
14:51 pdurbin and no luck increasing loggin, sounds like
14:52 someguy I guess I'm not sure what logging I should look at
14:52 someguy I've not had luck increasing apache's logging
14:52 pdurbin doesn't shib have its own log?
14:52 pdurbin shibd
14:53 someguy I see /etc/shibboleth/native.logger console, syslog but since my error is a page not found from apache when accessing site/Shibboleth.sso/post from the redirect, I'm not sure where to see the apache module's issue
14:59 pdurbin anything in /var/log/shibboleth?
14:59 pdurbin some log stuff at https://wiki.shibboleth.net/co‚Äčnfluence/display/SHIB/LogFiles
15:01 someguy Nothing that jumps out at me. I see XMLTooling.libcurl.InputStream error while fetching our metadata file. Which is weird since I can wget it just fine from that machine. I've already done so on this machine to be able to investigate further
15:04 someguy my workflow so far is that I access site/shibboleth, where we have a .htaccess file containing: AuthType shibboleth ShibRequireSession On require user ywy0003
15:05 someguy that then redirects to our sso idp, where I login. After logging in I'm redirected back to SITE/Shibboleth.sso/SAML2/POST and get a page not found error
15:05 someguy I am also unable to access SITE/Shibboleth.sso/Session or any other special shibboleth url
15:05 someguy by the way, I am not ywy003, so I would expect to get an access denied message

| Channels | #shibboleth index | Today | | Search | Google Search | Plain-Text | summary