Thursday, 2011-11-17

« Friday, 2011-09-16 Index Friday, 2011-11-18 »
*** WiKIDLogbot (~WiKIDLogb@ec2-174-129-6-100.compute-1.amazonaws.com) has joined ##wikid14:37
card.freenode.netUsers on ##wikid: @WiKIDLogbot14:37
*** WiKIDLogbot (~WiKIDLogb@ec2-174-129-6-100.compute-1.amazonaws.com) has joined ##wikid14:47
card.freenode.netUsers on ##wikid: @WiKIDLogbot14:47
*** WiKIDLogbot (~WiKIDLogb@ec2-174-129-6-100.compute-1.amazonaws.com) has joined #wikid15:03
card.freenode.netTopic for #wikid is: support for the WiKID Strong Authentication System.  If no one is here, try the nabble forums: http://www.wikidsystems.com/support/support/wikid-forums15:03
card.freenode.netUsers on #wikid: WiKIDLogbot @nowen sakhi_ CowboyPride perestre1ka mick_laptop asofrank15:03
*** WiKIDLogbot (~WiKIDLogb@ec2-174-129-6-100.compute-1.amazonaws.com) has joined #wikid15:05
card.freenode.netTopic for #wikid is: support for the WiKID Strong Authentication System.  If no one is here, try the nabble forums: http://www.wikidsystems.com/support/support/wikid-forums15:05
card.freenode.netUsers on #wikid: WiKIDLogbot @nowen sakhi_ CowboyPride perestre1ka mick_laptop asofrank15:05
nowenhey look who it it is15:05
nowenbut are you logging WiKIDLogbot?15:07
*** Gibby13 (~Gibby@cpe-066-057-170-142.sc.res.rr.com) has joined #wikid15:22
Gibby13A server code has to be a static routable internet IP correct?15:23
nowenGibby13: that's the idea, yes15:24
Gibby13hmmm, so no way to specify just a domain name?15:24
nowendns is not supported in this product15:24
nowenyou can nat the IP15:24
nowenand we're coming out with a new product that supports dns15:25
Gibby13yeah just trying to figure out how i would update the server code when my routable IP changes15:25
nowenwe can put an entry into our dns system that would work15:25
nowenthat is how we do the 88888888888 domain, which is clearly not an ip15:26
Gibby13but i have a handful of services and domains running of this 1 IP... would that be an issue?15:26
nowenalso, the PC tokens support changing the default dns - but the smart phone tokens do not15:26
Gibby13right now i have all my domains pointing to a cname that i have with dyndns.org, then that is natted to an apache proxy server, and then it forwards to the correct internal apache server based on the domain name... if I registered my domain with your dns and have it point to my dyndns domain that would work?15:28
Gibby13well i guess it woudln't work b/c i still have to specify a zero-padded ip...15:29
nowenI think so15:29
nowenno, the tokens check the IP and the wikidsystems.net dns15:29
Gibby13so if i register my dns with you, i just put in a private ip for the server code?15:30
nowenno. I would make an entry like 66666666666.wikidsystems.net and point it to your server  server.dyndns.org.15:30
nowenyour domain id would be the 6666 number15:31
Gibby13ahhh ok15:31
Gibby13ok, can you make one for me and have it point to wikid.twoitguys.com ?15:31
nowen host 000000000002.wikidsystems.net15:38
nowen000000000002.wikidsystems.net is an alias for wikid.twoitguys.com.15:38
nowenwikid.twoitguys.com is an alias for mh13.dyndns.org.15:38
nowenmh13.dyndns.org has address 66.57.170.14215:38
Gibby13that should work15:39
Gibby13can i put anything in for the sign-out and change password url?15:48
Gibby13for GSSO?15:48
nowenI just used the same as the sign in, iirc15:49
Gibby13uhoh15:51
Gibby13are the images broken on wikidsystems.com?15:54
nowencould be - what page?15:55
nowenalso - hit shift-r to make sure it's not the cached version15:56
Gibby13http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/installing-the-wikid-strong-authentication-server-enterprise-edition-page-515:56
nowenhit ctrl-shift-R and let me know if they pop up15:57
Gibby13that works for google chrome on linux?15:58
Gibby13ahh yep it is up15:58
nowenyes, works for me15:58
Gibby13ty15:58
nowenwe updated the website and implemented some very aggressive caching.  our google page speed went from 50 to 9015:58
Gibby13awesome15:58
Gibby13broken link in that page15:58
nowenbut it's a hassle for doing edits15:59
Gibby13under figure 22, the link to WiKID software token15:59
nowenthx16:03
Gibby13in the clients, getting unable to resolve server code16:12
*** CowboyPride has quit (Remote host closed the connection)16:22
Gibby13is there a way i can test the server code you gave me?16:34
nowenhave you set it up on your server?16:38
Gibby13yes, what ports do i have to forward?16:40
Gibby13already doing 80 and 44316:41
nowenjust 80 for the tokens16:41
Gibby13what gets pass over 80? does it put in the domain name or just the IP?17:15
nowenall the token traffic goes over port 80.17:17
Gibby13yeah, but what does it look like... is it normal http requests?17:18
*** Will (601394ce@gateway/web/freenode/ip.96.19.148.206) has joined #wikid17:19
Gibby13i need to figure out the header so i can put it in for my apache proxy pass17:19
nowenahh - everything will go to /wikid/17:19
Gibby13ok... my proxypass server is not the same as the wikid server... just need to figure out the rewrite rule for that i guess17:21
nowenyeah, I have a re-write rule for the same server, but not a proxy pass17:25
nowen RewriteRule ^/wikid/(.*) http://localhost:8090/wikid/$1 [P]17:25
nowenis that helps17:25
Gibby13why port 8090?17:27
nowenthat is for our demo wikid server - we are running on the same box as the webserver - which we do not recommend for a production server17:27
Willsilly question, just converted to fedora from the clutches of windows. I have d/l he client but not sure on how to do the install, anyone wanna do a quick walk thru17:28
nowenyou wouldn't want a web vuln resulting in someone owning your wikid server17:28
nowenWill: you can try the install.jar17:28
Gibby13makes sense17:28
Willk,17:29
Gibby13hmmm doesn't seem to be catching the rewrite rule17:29
nowenWill: it should create menu items, etc17:29
nowenWill: let me know if you see version 3.1.15 or 3.1.17 on the download page17:30
nowenthis page: http://www.wikidsystems.com/downloads/token-clients17:31
Will3.1.1517:36
Gibby13did you put your rewrite in the .conf or a .htaccess file?17:36
nowenit is in a .conf17:37
nowenWill: hit ctrl-shift-R17:37
*** Will has quit (Quit: Page closed)17:38
Gibby13hmmm ok, the rewrite rule is working but still no go17:49
Gibby13erk... maybe not17:51
Gibby13so i think i got it working, it goes see this in the logs now. POST /wikid/servlet/com.wikidsystems.server.InitDevice4AES?a=0&CT=0&S=000000000002&lck=0 HTTP/1.1" 200 1 "-" "WiKID Android Token/3.0"18:01
Gibby13however, still get unable to add domain: unable to resolve server code on the client18:01
nowenI recommend you run the j2se token in debug mode and see what is going on18:06
Gibby13how do i enable debug?18:08
Gibby13Could not connect to servercode: 00000000000218:09
Gibby13And18:09
Gibby13Could not obtain configuration for: 00000000000218:10
Gibby13if i run it on the local network it works fine18:10
Gibby13disregard those last 2 errors18:11
nowenhttp://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-run-the-token-in-debug-mode?searchterm=token+debug18:15
nowenpretty handy18:15
nowensomething with the proxypass, I would assume - I'm guessing apache isn't sending the packets back to the token18:18
nowendo you have a ProxyPassReverse line?18:20
Gibby13got it working18:22
nowenwhat was it?18:22
Gibby13not sure, android client still not working18:23
Gibby13seeing this is the socks proxy logs at work18:23
Gibby13http://0.0.0.2/wikid/servlet/com.wikidsystems.server.WikidCode5AES?S=000000000002&D=8665944558249088114&withTTL=1&CT=1, service-http reports: CORE7740: unable to contact 0.0.0.2:80 (IO timeout error)18:23
nowenthe token will try both the IP and the dns18:24
Gibby13    ProxyPass /wikid/ http://192.168.1.19/wikid/18:25
Gibby13    ProxyPassReverse /wikid/ http://192.168.1.19/wikid/18:25
Gibby13those are my proxy lines18:25
Gibby13Google Apps - This account cannot be accessed because we could not parse the login request.18:26
Gibby13got that trying to login18:26
Gibby13well after i login18:26
nowenanything in the WiKIDAdmin logs?18:27
Gibby13what source?18:28
nowennone18:28
nowenset the log level to debug18:29
nowencould very well be no error, since I bet it is something google doesn't like18:29
nowengood luck checking google's logs though18:29
Gibby13nothing in the logs18:30
Gibby13but i am able to bypass wikid and still get in to my google apps18:31
nowenyou should keep a browser window open so you can turn off sso if need be.18:32
Gibby13if i go to https://www.google.com/a/twoitguys.com i can login and bypass wikid.....18:32
nowendid you upload the p12 as a verification cert?18:32
Gibby13yep18:32
nowenso where do you go to login with wikid?18:33
Gibby13mail.twoitguys.com18:33
Gibby13that redirects to my wikid18:33
nowenyeah, I don't think that will work - if the request is coming from mail.twoitguys  and then going to google18:34
*** perestre1ka has quit (Read error: Connection reset by peer)18:34
Gibby13how do you do it?18:35
nowenyou should get redirected to wikid from  https://www.google.com/a/twoitguys.com18:35
nowenor just  https://www.google.com/a18:35
Gibby13it doesn't18:36
Gibby13Use a domain specific issuer18:36
nowentry that last link18:36
Gibby13should i check that?18:37
nowenhttps://www.google.com/a and then type in your domain18:37
nowenstill looks like something is wrong tho18:37
Gibby13same error18:39
Gibby13https://www.google.com/a/twoitguys.com/acs18:39
Gibby13that is the url18:39
nowenis the user being authentication?18:39
Gibby13in wikid?18:40
nowenauthenticated, that is18:40
nowenyes18:40
Gibby13yep18:40
Gibby13wait, how do you tie a user in wikid to a google apps user?18:40
*** perestrelka (~vladdy@194.242.5.47) has joined #wikid18:41
nowenyou use the same username18:41
Gibby13ugh, i have like 6 accounts just for me18:42
Gibby13looks like i have to remove the /acs part18:44
Gibby13ahh wait read that wrong at google18:44
Gibby13looks like if you are a google app admin, you can bypass wikid18:44
Gibby13if needed18:44
nowenhow do you do that? just by adding the /acs?18:45
Gibby13With SSO implemented, domain end users will not be able to log in to Google directly. However, domain admins can still log in to the Google control panel (e.g http://www.google.com/a/yourdomain.com).18:45
*** nowen has parted #wikid (None)18:50
*** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid18:50
Gibby13got it working :)18:50
Gibby13didn't put in https when i configured google sso on the wikid server18:51
Gibby13no to figure out the android client issue18:51
nowennice18:51
Gibby13does the client on android keep logs?18:51
nowenfraid not18:52
nowenwhat is happening?18:52
nowenI wonder if the dns hasn't propagated yes18:53
nowenyet18:53
Gibby13hmm, now the android clients error is, unable to add domina: null18:53
nowencan you add this domain:  888888888888?18:54
Gibby13aakkkkk18:54
Gibby13rm the wrong directory18:54
Gibby13:(18:54
Gibby13have to restore server now18:58
Gibby13will try later18:58
nowenugh19:01
*** fifa (18d5aaa2@gateway/web/freenode/ip.24.213.170.162) has joined #wikid19:13
fifahello room19:13
fifai am new to this19:14
fifai need instructions on how to compile from source code19:14
nowenfifa: it is java19:15
fifai figured19:15
fifaso how do i get it installed ??19:16
nowenwhat os? and what version of wikid?19:17
nowenwe have both rpms and debs19:22
Gibby13sweet, extundelete works19:28
Gibby13ok, now back to the android client issue19:33
Gibby13888888888888 works19:42
Gibby13they are showing up as unregistered devices19:45
Gibby13no results for domain key lookup!19:46
Gibby13that is in the wikidadmin logs19:46
nowenthey should not show up as unregistered unless the PIN gets set19:59
nowenthe 8888 domain is our demo domain. it just shows that it is something particular to your server19:59
nowenare you on wifi or cell?19:59
Gibby13cell20:00
Gibby13when i run the java client remotely it is very laggy... if i run it locally it is very fast... so i would say it is probably something in my proxy pass20:01
Gibby13but still if java work remotely why doesn't android20:01
nowendunno.20:02
Gibby13here what happens in apache logs when i try the android client, http://pastebin.com/MPZciXMt20:02
Gibby13and 3 errors show up in the wikidadmin logs20:03
Gibby13no results for domain key lookup!20:03
Gibby13wkeyfactory is null!!20:03
Gibby13Exception while sending domain configuration20:03
Gibby13here is a trace of the last error http://pastebin.com/DNGfALMc20:04
nowenthis is the Enterprise version, correct?20:08
Gibby13nope20:08
nowenhttp://www.wikidsystems.com/community-version/front-page/support/wikid-support-center/faq/whats-the-difference-between-the-community-release-and-enterprise-release/?searchterm=what%20is%20the%20difference20:09
Gibby13i didn't think android was j2me.....20:11
nowenlol.  that page references our Palm version too20:13
nowenmaybe time for an update20:13
Gibby13yeah... so the android client is only for enterprise then?20:13
nowenyes - all the wireless/smart phone tokens use the Ntru encryption libs20:13
Gibby13ah ok20:14
Gibby13so i can setup a page to use the html5 token tho right?20:14
nowenyes20:14
Gibby13is there a howto for that one?20:17
nowenhttp://www.howtoforge.com/installing-the-wikid-html5-token-client20:18
fifai am using arch linux20:19
Gibby13tomcat?20:19
fifaand i need to use it for arch linux20:19
fifarpm and deb is not supported by arch linux20:20
fifamy only option is to compile/install20:20
fifaare there any docs out there to help me with this ????20:20
nowenfifa: sorry20:22
fifaso my only option is RH/CentOS or Deb20:24
nowenpeople have gotten it running on other flavors20:24
nowenlike slackware20:24
fifaany docs on slackware ??20:25
nowenhttp://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-install-the-wikid-enterprise-on-slackware20:26
Gibby13nowen, i can hit the tomcat server and the HTML5Token webapp... but it is not showing anything the html file21:03
nowenwhat browser?21:05
Gibby13chrome21:06
Gibby13src="/HTML5Token/HTML5Token/HTML5Token.nocache.js"21:07
Gibby13do i need to change that to an absolute path?21:07
*** sakhi_ has quit (Ping timeout: 252 seconds)21:09
*** sakhi (~sakhi@uwcfw.uwc.ac.za) has joined #wikid21:10
Gibby13got it working, did the generate token, now getting a Communication with server failed21:16
Gibby13you can see the error if you go token.twoitguys.com21:19
nowenI'm guessing it is the comms between your token server and the wikid server21:21
Gibby13almost the same error on the test one here21:25
Gibby13http://www.wikidsystems.com/downloads/html5-token21:25
Gibby13do i have to add it as a client?21:28
nowenGibby13: no, you shouldn't21:34
Gibby13nowen, hmmmm21:34
noweni see that error now21:36
nowenmust be my rewrite21:36
Gibby13how do i regenerate the token for html5?21:39
noweni just start a new incognito window.  I think you can also clear your cache21:40
Gibby13ooo so each client generates its own key....hmmmm21:41
nowenanything in your tomcat logs?21:41
Gibby13nope21:42
nowenb/c I see java.io.IOException in catalina.out21:43
Gibby13cleared cache and redid it, have some stuff now21:44
Gibby13http://pastebin.com/hV96fNNK21:46
Gibby13http://code.google.com/webtoolkit/doc/latest/tutorial/RPC.html#serialize21:47
Gibby13where is com.wikidsystems.html5token.client.dto.ConfigurationDTO set at?21:57
Gibby13don't see anything in the forums about HTML5 yet.. :(22:09
noweneither the js in the browser can't get to the tomcat server or the tomcat server can't get to the WiKID server22:24
Gibby13ewww... a users can have multi registered locations?22:28
*** Gibby13 has parted #wikid ("Leaving")22:36
nowenI guess Gibby13 doesn't understand how public keys work22:48
*** nowen has quit (Quit: Leaving.)23:09
« Friday, 2011-09-16 Index Friday, 2011-11-18 »

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!