Cross-domain auth not working
Concerned version
Version: %1.9.19
Platform: Apache
Summary
After upgrading to 1.9.19 from 1.9.16, cross-domain authentication does not work anymore. It seems like the CDA session is created but an error occurs while reloading it in the handler.
Logs
Portal/Manager logs:
[Wed May 15 13:27:53.284997 2019] [perl:debug] [pid 59779] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Update sessionInfo cookie_name with lemonldap-pp
[Wed May 15 13:27:53.285008 2019] [perl:debug] [pid 59779] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Try to get SSO session 35ba86f2595e2df27ac5ecbc7f463d6b
[Wed May 15 13:27:53.286823 2019] [perl:debug] [pid 59779] CGI.pm(114): /usr/share/perl5/Lemonldap/NG/Portal/Simple.pm 945:
[Wed May 15 13:27:53.286835 2019] [perl:error] [pid 59779] Session kind mistmatch
[Wed May 15 13:27:53.287031 2019] [perl:debug] [pid 59779] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: CDA redirection to https://nantes-admin-pp.nantes.fr/?lemonldap-ppcda=35ba86f2595e2df27ac5ecbc7f463d6b
Handler logs:
[Wed May 15 13:27:53.372937 2019] [perl:debug] [pid 51670] ApacheMP2.pm(75): SharedConf.pm(188): Lemonldap::NG::Handler: configuration is up to date
[Wed May 15 13:27:53.373074 2019] [perl:debug] [pid 51670] ApacheMP2.pm(75): Main.pm(350): CDA request with id 35ba86f2595e2df27ac5ecbc7f463d6b
[Wed May 15 13:27:53.412894 2019] [perl:debug] [pid 51670] ApacheMP2.pm(75): Main.pm(291): Get CDA session 35ba86f2595e2df27ac5ecbc7f463d6b
[Wed May 15 13:27:53.438162 2019] [perl:debug] [pid 51670] ApacheMP2.pm(75): /usr/share/perl5/Lemonldap/NG/Handler/Main.pm(355):
[Wed May 15 13:27:53.438220 2019] [perl:error] [pid 51670] Lemonldap::NG::Handler: CDA request for id 35ba86f2595e2df27ac5ecbc7f463d6b is not valid
Backends used
Our sessions are stored in PostgreSQL.
Possible fixes
I tried to comment out lines 112 to 117 in "Common/Session.pm", without success:
if ( $self->kind ) {
unless ( $data->{_session_kind} eq $self->kind ) {
$self->error("Session kind mistmatch");
return undef;
}
}