Frequently Asked Questions

FAQ: TYPO3 Single Sign-On

When I navigate to the Single Sign-On Content Element, the page does not show up. What's wrong?

Probably something is going wrong with the creation of the signature.
Common reasons are:

a) wrong "SSLPrivateKeyFile" entry in extension setup (go to extension manager!)

b) insufficient access rights on the ssl private key file for the webserver's uid (recommended: webserver owns the file, rights set to -r--------)

c) insufficient access rights on the directory tree where the ssl private key file resides

d) openssl binary not /usr/bin/openssl
You may create a symlink: ln -s `which openssl` /usr/bin/openssl
or change path in the source (i.e. in class.tx_nawsinglesignon_pi1.php )

If you can't figure out what is going on, just try manually:

logon as root

make sure that in /etc/passwd a valid shell (e.g. /bin/sh) is set for wwwrun (or your webserver's uid)

"su - wwwrun" (or your webserver's uid)
and try

"echo -n kekse |/usr/bin/openssl dgst -sha1 -sign SSLPRIVATEKEYFILE > signature.test"
...where SSLPRIVATEKEYFILE is the "SSLPrivateKeyFile" value defined in the extension manager (e.g. /usr/local/sigsso/etc/sigsso_private.key )

This should result in a 256 byte file named "signature.test". If not, you should at least be able to see any problems that occur.

Afterwards, do not forget to change your webserver's shell back to what it was (hopefully /bin/false) in /etc/passwd.

Go back...