mnet SSO doesn´t work: Curl error: 52: Empty reply from server

mnet SSO doesn´t work: Curl error: 52: Empty reply from server

by Klaus Steitz -
Number of replies: 5
Picture of Plugin developers Picture of Testers

Hello Mahoodle-professionals,

we are using Moodle 2.3.3+ and Mahara 1.6.5 working fine. But i´m not able to establish the mnet connection to SSO from Moodle to Mahara. Moodle uses a loadbalancer (mahara uses different subnet as moodle), according to the colleagues network permissions are granted.

All settings are done according to the current manual including an institution in mahara ("mahoodle")  with the XMLRPC-authentication. Public Keys on Moodle and Mahara are valid.

If a user clicks on the moodle front page the link to mahara in the box "Network Servers", forwarding to mahara works fine. But login doesn´t work. Frontend-error:

"

Sorry, we could not log you in.
 Sorry, we could not log you into Mahara at this time. Please try again shortly. If the problem persists, contact your administrator.

"

error-log (domain-name effaced with *), browser-address http://mahara-dev.***.de/auth/xmlrpc/land.php?token=1506facbec76a6b4217f7344d85412b0f30b0fa2&idp=https://mdl-alpha.***.de&wantsurl=:

[WAR] cb (lib/web.php:3554) Curl error: 52: Empty reply from server
Call stack (most recent first):
log_message("Curl error: 52: Empty reply from server", 8, true, true) at /var/www/lib/errors.php:109
log_warn("Curl error: 52: Empty reply from server") at /var/www/lib/web.php:3554
mahara_http_request(array(size 9)) at /var/www/api/xmlrpc/client.php:71
Client->send("https://mdl-alpha.***.de") at /var/www/auth/xmlrpc/lib.php:119
AuthXmlrpc->request_user_authorise("1506facbec76a6b4217f7344d85412b0f30b0fa2", "https://mdl-alpha.***.de") at /var/www/auth/xmlrpc/land.php:94
[WAR] cb (api/xmlrpc/client.php:93) Curl error: 52: Empty reply from server
Call stack (most recent first):
Client->send("https://mdl-alpha.***.de") at /var/www/auth/xmlrpc/lib.php:119
AuthXmlrpc->request_user_authorise("1506facbec76a6b4217f7344d85412b0f30b0fa2", "https://mdl-alpha.***.de") at /var/www/auth/xmlrpc/land.php:94

 

Going to the mahara machine and doing:
wget https://mdl-alpha.***.de/mnet/publickey.php
results in:
--2013-06-17 10:51:06--  https://mdl-alpha.***.de/mnet/publickey.php
Resolving mdl-alpha.***.de (mdl-alpha.***.de)... 130.**.***.66
Connecting to mdl-alpha.***.de (mdl-alpha.***.de)|130.**.***.66|:443... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

Any ideas? Further information to analyse i can give anytime.

Thank you!

 (Posted this also in the mahara.org-Forum)

 

kind regards
Klaus

Average of ratings: -
In reply to Klaus Steitz

Re: mnet SSO doesn´t work: Curl error: 52: Empty reply from server

by John Tutchings -

Have you checked the time on the servers? The SSO request has a time stamp or "time to live" and if the servers time is out it considers that the SSO request is stale and thus refuses the request.

Average of ratings: -
In reply to John Tutchings

Re: mnet SSO doesn´t work: Curl error: 52: Empty reply from server

by Klaus Steitz -
Picture of Plugin developers Picture of Testers

Hi John,

thanks for your reply.

The time is synchron. The servers use the date of (university) time servers (via NTP).

Average of ratings: -
In reply to Klaus Steitz

Re: mnet SSO doesn´t work: Curl error: 52: Empty reply from server

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Klaus,
could you share the network architecture of the components of your overall LB/HA cluster?

I could guess that the load balancer is a SW one (Apache, HA Proxy, Pound, Nginx, <whatever>) and the nodes behind the balancer are on a private subnet while the public IPs of both the farms, Moodle and Mahara, are VIP owned by the load balancer being clustered for HA i.e. the two Application Clusters (farms) are sharing the same load balancing infrastructure.

Under this context, it could be possible that, when the two farms talk each other, - being their traffic managed through the same balancer - the request is sent to the VIP as expected but the balancer replies on the public network and the backend nodes could not receive it because of e.g. you're NATting the traffic of the single nodes in both farms.

To test it try to make a wget call from an external network as well as to create an MNET connection between a Moodle instance on a server having a public IP address and your clustered Moodle or Mahara: if it will work, add a static route on the farm nodes to correct the issue.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: mnet SSO doesn´t work: Curl error: 52: Empty reply from server

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Klaus,
FYI another user having issues with MNET between clustered Moodle and Mahara found the solution for its own deployment (Apache as Reverse Proxy) using ProxyPreserveHost On. Details in: https://moodle.org/mod/forum/discuss.php?d=231094#p1003916.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

[Fixed] Re: mnet SSO doesn´t work: Curl error: 52: Empty reply from server

by Klaus Steitz -
Picture of Plugin developers Picture of Testers

Thanks for your answers. Login to Mahara using Moodle now works. The reason were missing network-permissions.

Average of ratings: -