SSO RSA-SHA1 key generate probrem.

[Masayoshi Yamamoto 1245671]

Hi. SSO Administrator

 

I am VATJPN Webmaster.

We are constructing new VATJPN website using vatsim SSO System.

 

I want generate RSA-SHA1 key by "OpenSSL 1.0.1e-fips 11 Feb 2013"

 

openssl rsa -in keyname.pem -pubout > keyname.pub
openssl genrsa -out keyname.pem 2048

but it shows following error "Your RSA key appeared to be in an incorrect format."

 

I'm sorry to trouble you. Please tell me if you know how to fix it.

mail: [email protected]

 

Sorry poor english.

[Jonathan Aquilina 1336916]

I can confirm that I ran the same commands and obviously changed the name of the keys only and im getting the exact same message when I try to setup the key on the system.

[Kieran Hardern]

I'm going to [Mod - Happy Thoughts]ume you're talking about getting that error when updating your RSA key in the SSO interface, not actually on the key generation.

 

I presume you're simply not putting the right thing in the right place. You should be putting the public key output into the SSO field (with no spaces, extra info etc).

 

Also worth noting that the 2 commands are the wrong way around, so make sure you're actually generating an RSA keypair with a public key being generated out of it.

[Jonathan Aquilina 1336916]

We have managed to get the SSO running on the demo server, but as soon as we switch to the live the system we get a white screen. All the steps to sign up for the live have been taken care of.

[Kieran Hardern]

Do some debugging

[nathaniel mitchell 1278498]

hahahaha he has done m[Mod - Happy Thoughts]ive debug and cant find the issue dose the website have to be live for a starts for the sso to work coz the demo worked with it not live.

 

kind regards

Nathaniel Mitchell

membership director

Malta

[Jamie Fox 811029]

I'm not quite sure what 'live' means in this context; naturally, the site needs to have access to the internet in order to communicate with VATSIM SSO.

 

Your site needs to be connecting from one of your specific authorised IP addresses, and using the correct RSA key that you have generated and registered. Have you checked both these things?

[Jonathan Aquilina 1336916]

We have set all that up in terms of authorized keys on https://cert.vatsim.net/SSO

 

In the configuration on the moodle sso which is server side I have it set to HMAC. Is it ok I leave that as HMAC or does that need to change to RSA. If it needs to change to RSA im guessing I need to specify the correct public key there no?

[Jamie Fox 811029]

You can set up your site to use RSA or HMAC as your authentication method, but these can be enabled/disabled in the site settings. Please could you check your settings on the SSO control panel to be sure you have the right authentication method(s) enabled?

[Jonathan Aquilina 1336916]

You can set up your site to use RSA or HMAC as your authentication method, but these can be enabled/disabled in the site settings. Please could you check your settings on the SSO control panel to be sure you have the right authentication method(s) enabled?

 

We have HMAC set on the SSO control panel as well as in the moodle SSO configuration and yet the white screen persists.

[Anthony Lawrence]

You can set up your site to use RSA or HMAC as your authentication method, but these can be enabled/disabled in the site settings. Please could you check your settings on the SSO control panel to be sure you have the right authentication method(s) enabled?

 

We have HMAC set on the SSO control panel as well as in the moodle SSO configuration and yet the white screen persists.

 

The white screen whilst on your own domain? What's the output if you enable error reporting? What do your server logs say?

[nathaniel mitchell 1278498]

if you don't mide me asking were dose one enable the error reporting for sso and moddle jhanthan

is gonna look though his sever logs

 

kind regards

[Jamie Fox 811029]

This forum is specifically for support with SSO integration, rather than general web development discussion. You will need to ask whoever does your PHP development to debug the problem further - they should also be able to see if there are any problems apparent in the logs.

 

The PHP sample code provided for SSO includes error handling, which will let your system know the details of any problems that are occurring with the SSO communication, if that's where the problem lies. If after debugging there is a specific problem with SSO that you can't solve, please let us know.

[Jonathan Aquilina 1336916]

This forum is specifically for support with SSO integration, rather than general web development discussion. You will need to ask whoever does your PHP development to debug the problem further - they should also be able to see if there are any problems apparent in the logs.

 

The PHP sample code provided for SSO includes error handling, which will let your system know the details of any problems that are occurring with the SSO communication, if that's where the problem lies. If after debugging there is a specific problem with SSO that you can't solve, please let us know.

 

Jamie, I am using Kieran's code from his github repository for moodle SSO. I am the webmaster for Malta and I am doing all the coding. I will try to figure out how to add error handling but all I am doing is uploading the moodle SSO authentication code into the moodle authentication directory. I am enabling the plugin and setting the consumer key secret key and if its HMAC or RSA and pointing the server to https://cert.vatsim.net/sso

 

At this point I have not done any custom code on our website for SSO that is still in the pipeline.

[Jonathan Aquilina 1336916]

I have managed to get the SSO working, and how can i grant my SSO user admin access.

[Jamie Fox 811029]

For the benefit of anyone else who might be having a similar problem in future, what did you have to change to get it working?

 

Sorry, I'm not quite sure what you mean by your 'SSO user'. Is this something to do with the VATSIM.net SSO settings, or do you mean admin access within Moodle itself?

[Jonathan Aquilina 1336916]

To answer your question. Once someone logs into moodle through the SSO they are a normal user. How can I grant moodle administrative access to certain users that login with the SSO.

 

Now to the initial steps to fix the issue.

 

1) I disabled SSO temporariliy so I can login to moodle.

2) Enabled Developer debug

3) Reenabled the SSO plug

4) Debugged the error messages that were presented when testing

5) BAM SSO worked.

 

As an additional side note Kieran's repository says that it works on 2.7.x version of moodle. I have successfully gotten this to work on 2.8.9. So it is safe to say 2.7.x + versions of moodle will work with the current SSO code for moodle in Kieran's repository.