Since no one seems to be able to help, does anyone have suggested places to seek help?

John

-----Original Message-----
From: John Adamski (Work Account)
Sent: Monday, August 10, 2020 8:57 AM
To: 'users@xxxxxxxxxxxxxxxx' <users@xxxxxxxxxxxxxxxx>
Subject: Credentials not cached for child calls from parent page where they worked

cat SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 4

Prior Installs: Openssl 1.0.1 Apache 2.2, perl 520

Current installs:
OpenSSL 1.1.1g
OpenLdap (slapd) 2.4.47
Server version: Apache/2.4.41 (Unix)
perl 5, version 30, subversion 0 (v5.30.0) built for x86_64-linux-thread-multi

We recently upgraded our open source products on our ERP Linux server and we are having a problem with child tasks that require authentication. It is a bit hard to describe but I am going to try.

We have a student portal running on a Windows 2012r2 server that brings up web pages hosted by the ERP server, which is a SUSE enterprise server. Nothing changed on the Windows server; we just upgraded the open source products used on the ERP server.

Prior to the upgrade a person would go to a page on the student portal and authenticate, then click on a tab or link to get information that is on the ERP server. This would cause the ERP Apache page to display and somehow the credentials would be passed from the Windows side to the Apache side. Then if the student clicked on a link within the Apache page it would again pass along the credentials to this new child page.

Since the upgrade on the ERP side the initial Apache page works and credentials are passed. However, when the link is clicked we get an unauthorized error on the Windows server side and the following on the Apache side.

Not sure why this is showing in the sslerror_log:

[Fri Aug 07 14:25:11.946586 2020] [ssl:info] [pid 2433] [client 10.125.10.154:60012] AH01964: Connection to child 0 established (server echo.graceland.edu:443)
[Fri Aug 07 14:25:11.946972 2020] [ssl:debug] [pid 2433] ssl_engine_kernel.c(2351): [client 10.125.10.154:60012] AH02043: SSL virtual host for servername echo.graceland.edu found
[Fri Aug 07 14:25:11.947006 2020] [ssl:debug] [pid 2433] ssl_engine_kernel.c(2351): [client 10.125.10.154:60012] AH02043: SSL virtual host for servername echo.graceland.edu found
[Fri Aug 07 14:25:11.947023 2020] [core:debug] [pid 2433] protocol.c(2316): [client 10.125.10.154:60012] AH03155: select protocol from , choices=h2,http/1.1 for server echo.graceland.edu
[Fri Aug 07 14:25:11.960121 2020] [socache_shmcb:debug] [pid 2433] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x37 -> subcache 23)
[Fri Aug 07 14:25:11.960154 2020] [socache_shmcb:debug] [pid 2433] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Fri Aug 07 14:25:11.960161 2020] [socache_shmcb:debug] [pid 2433] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/219
[Fri Aug 07 14:25:11.960168 2020] [socache_shmcb:debug] [pid 2433] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Fri Aug 07 14:25:11.960181 2020] [ssl:debug] [pid 2433] ssl_engine_kernel.c(2236): [client 10.125.10.154:60012] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Fri Aug 07 14:25:11.961177 2020] [ssl:debug] [pid 2433] ssl_engine_kernel.c(383): [client 10.125.10.154:60012] AH02034: Initial (No.1) HTTPS request received for child 0 (server echo.graceland.edu:443), referer: http://argh2.graceland.edu/ics/Portlets/CRM/CXWebLinks/Portlet.CXFacultyAdvisor/CXFacultyAdvisorPage.aspx?DestURL=https://echo.graceland.edu/cgi-bin/faculty/stuadv/main.cgi
[Fri Aug 07 14:25:11.961285 2020] [authz_core:debug] [pid 2433] mod_authz_core.c(820): [client 10.125.10.154:60012] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://argh2.graceland.edu/ics/Portlets/CRM/CXWebLinks/Portlet.CXFacultyAdvisor/CXFacultyAdvisorPage.aspx?DestURL=https://echo.graceland.edu/cgi-bin/faculty/stuadv/main.cgi
[Fri Aug 07 14:25:11.961294 2020] [authz_core:debug] [pid 2433] mod_authz_core.c(820): [client 10.125.10.154:60012] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://argh2.graceland.edu/ics/Portlets/CRM/CXWebLinks/Portlet.CXFacultyAdvisor/CXFacultyAdvisorPage.aspx?DestURL=https://echo.graceland.edu/cgi-bin/faculty/stuadv/main.cgi
[Fri Aug 07 14:25:11.961325 2020] [headers:debug] [pid 2433] mod_headers.c(900): AH01503: headers: ap_headers_error_filter()
[Fri Aug 07 14:25:26.963105 2020] [ssl:debug] [pid 2433] ssl_engine_io.c(1106): [client 10.125.10.154:60012] AH02001: Connection closed to child 0 with standard shutdown (server echo.graceland.edu:443)

We are not sure what config file and what in that config file needs to change to get this working again. We tried adding coding for cache based on this:

http://httpd.apache.org/docs/current/mod/mod_authn_socache.html

AuthnCacheSOCache dbm
<Directory /opt/apache2/carsi-live/share/cgi-bin/faculty>
    AllowOverride None
    Options None
    AuthType Basic
    AuthBasicProvider socache dbm
    #AuthBasicProvider dbm
    AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
    AuthnCacheProvideFor dbd
    AuthName "Faculty Access"
    AuthDBMType GDBM
    AuthDBMUserFile /opt/apache2/carsi-live/var/authdb/faculty
    Require valid-user
</Directory>

We added these lines:

    AuthnCacheSOCache dbm
    AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
    AuthnCacheProvideFor dbd

and changed AuthBasicProvider dbm to include socache. That didn't seem to help. I thought we were using authn_ but the error talks about authz, which I thought already did the caching of credentials.

Any suggestions????????

John David Adamski, Sr. Sysadmin/DBA
Graceland University, 1 University Place, Lamoni, IA 50140
adamski@xxxxxxxxxxxxx
641-784-5267
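
Added example (not part of the original message and not Apache project code): a small consistency check for a mod_authn_socache setup, run over the directives from the posted <Directory> block. The CONSISTENT variant, the OWNER table and the function names are assumptions made for illustration; the rules checked are the documented ones, namely that socache is listed ahead of the backend in AuthBasicProvider and that AuthnCacheProvideFor names a backend that is actually in use.

```python
# Constructed sample: the directives from the <Directory> block in the post.
POSTED = """
AuthBasicProvider socache dbm
AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
AuthnCacheProvideFor dbd
AuthDBMType GDBM
AuthDBMUserFile /opt/apache2/carsi-live/var/authdb/faculty
"""

# Assumed consistent variant (not from the post): cache in front of dbm only.
CONSISTENT = """
AuthBasicProvider socache dbm
AuthnCacheProvideFor dbm
AuthDBMType GDBM
AuthDBMUserFile /opt/apache2/carsi-live/var/authdb/faculty
"""

# Backend-specific directives and the authn provider that reads them.
OWNER = {"authdbduserpwquery": "dbd", "authdbduserrealmquery": "dbd",
         "authdbmuserfile": "dbm", "authdbmtype": "dbm"}

def directives(conf):
    """Map lower-cased directive name to its lower-cased argument tokens."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, rest = line.partition(" ")
            out[name.lower()] = rest.lower().split()
    return out

def lint_authn_cache(conf):
    """Return mismatches between socache and the backends it should front."""
    d = directives(conf)
    providers = d.get("authbasicprovider", ["file"])  # httpd default is file
    backends = [p for p in providers if p != "socache"]
    cached = d.get("authncacheprovidefor", [])
    findings = []
    if "socache" in providers and providers[0] != "socache":
        findings.append("socache must precede the backends it caches for")
    for p in cached:
        if p not in backends:
            findings.append(f"AuthnCacheProvideFor {p}: not in AuthBasicProvider")
    if "socache" in providers and not set(cached) & set(backends):
        findings.append("no active backend is cached; cache is never filled")
    for name, owner in OWNER.items():
        if name in d and owner not in backends:
            findings.append(f"{name}: provider {owner} is not enabled")
    return findings
```

mod_authn_socache only saves repeated backend lookups on the server side. With AuthType Basic the browser still has to send an Authorization header on every request, so a consistent cache configuration does not by itself carry a login from one page to the next.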