MNET Elgg key pair error in Moodle

I have used the mnet plugin to link to Moodle, and the link works well, except I am getting this error in Moodle: "The public key you are holding for this host is different from the public key it is currently publishing". And so I cannot SSO from Moodle into Elgg.

SSO works from Moodle to Mahara so would I be wrong in thinking the problem is at the Elgg end?

I have tried renewing the elgg key and pasting into moodle. Is there an issue with the elgg key generation that I need to address?

 

  • Damian,

    Is this the first time you've tried it or was it working before but not working now?  My initial code had problems during the time that the keys are rotated.  I'm not sure if I was able to include the fix already to the one I uploaded in the plugins section.  I'll need to review it but I won't have time this week as I'm swamped.

    If you renew it there should be no problem though since a new key directly pasted into moodle should work as the problem only exists for the rotating keys when elgg strips out some trailing newlines that moodle expects.

    Also can you enable debug mode on the plugin and there should be several mnet logs going through your server log when you initiate SSO.  That could provide me a better clue as to what's happening.

  • Deds,

    Yes this is the first time of trying the mnet moodle elgg connection. I have tried renewing the key from elgg, but this does not seem to be picked up from the moodle side. I have checked 'View Current public key'. I have also looked in the log with debug mode on and the key pairs are there. The elgg public key is always different to the one displayed on the moodle peer, even after forced key regeneration and relogging into moodle.

    last lines from debug and current public key in elgg

    gMVD+EgbsjCvUZd3X7eWP5LdUiQ= -----END CERTIFICATE-----

    gMVD+EgbsjCvUZd3X7eWP5LdUiQ= -----END CERTIFICATE-----

    Keys from moodle peer

    Public key from the editable area

    F4elYOe7Mi3FV+QuUzl+oQY6eA4=
    -----END CERTIFICATE-----

    public key from moodle after the "The public key you are holding for this host is different from the public key it is currently publishing" error message.

    Ia/8ziG/8aS329Id3As6Ue33f4o=

    -----END CERTIFICATE-----

    So neither key appears to be the elgg latest key.

    The peer key from moodle is remaining unchanged

    I appreciate the feedback, thank you.

  • Deds, here is the mnet log from the moodle-elgg integration, any suggestions on this appreciated, thanks.

    guid: 426

    type: object

    subtype: 6

    owner_guid: 2

    container_guid: 2

    site_guid: 1

    access_id: 2

    time_created: 1269556127

    time_updated: 1269556127

    enabled: yes

    tables_split: 2

    tables_loaded: 2

    title: OpenSSL keypair

    description:

    Metadata

    certificate: -----BEGIN CERTIFICATE----- … -----END CERTIFICATE-----

     

  • Damian,

    Can you try these steps:

    1. Force generate a new pair in Elgg.
    2. Visit your Moodle network peer details for Elgg.
    3. At this point it should show non-matching keys. Try copying over the reported key and replace the one in the textarea.
    4. At this point it should report matching. If it still reports non-matching but you are definitely sure that both are the same, try editing mnet_support/lib/mnet_application_elgg.php. Look for the functions get_current_keypair and get_keypair_history, then remove the ."\n" chunks (should be 2 of them per function).
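
A check for the two cases discussed in this thread, as an added example that is not part of any post or of the mnet plugin: it decodes both PEM texts and compares the certificate bytes, so a mismatch caused only by stripped trailing newlines is told apart from a genuinely different certificate. The function names and the sample data are assumptions made for the example; the sample bytes are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem):
    """Return the decoded certificate bytes, ignoring all PEM whitespace."""
    match = PEM_BLOCK.search(pem)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    body = re.sub(r"\s+", "", match.group(1))
    return base64.b64decode(body, validate=True)


def fingerprint(pem):
    """SHA-256 over the decoded bytes: stable across newline changes."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()


def compare_keys(held, published):
    """Classify a mismatch between the held and the published key text."""
    if held == published:
        verdict = "identical"
    elif pem_to_der(held) == pem_to_der(published):
        verdict = "whitespace-only"        # e.g. stripped trailing newline
    else:
        verdict = "different-certificate"  # a genuinely different key
    return {"verdict": verdict,
            "held": fingerprint(held),
            "published": fingerprint(published)}


def make_pem(der):
    """Wrap bytes as PEM with 64-column lines and a trailing newline."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample input: placeholder bytes, not real certificates.
HELD = make_pem(bytes(range(200)))
STRIPPED = HELD.rstrip("\n")                  # same key, newline removed
REGENERATED = make_pem(bytes(range(200, 0, -1)))

if __name__ == "__main__":
    for name, other in (("stripped", STRIPPED), ("regenerated", REGENERATED)):
        print(name, compare_keys(HELD, other)["verdict"])
```
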
  • Deds, I tried all your suggestions, unfortunately without success. However, I have realised that whenever I select "view current public key" the displayed public key changes. Is this as it should be?

    So when I use the peer hyperlink to moodle I get 7025: certificate error with a key displayed twice

    elgg to moodle mnet peer error

    I think I may restart from scratch with the edited mnet_application_elgg.php.

    Many thanks for your suggestions.

  • Damian,

    The displayed public key shouldn't change until when it expires and it will automatically generate a new one.  What version of Elgg are you using it on?  I believe I've seen what you're experiencing but that was during early stages of development.  I'll try to recall what conditions exhibit that behavior and get back to you.

  • Deds,

    I am using Elgg Release - 1.6.1, Version - 2009072201, but upgrading is not a problem.

    Many thanks.

  • Damian,

    That version should be ok as that's what I wrote it on.  Can you set the plugin's debug setting to on then test again so that it logs.  Then send me the relevant apache log files or php log file if you've set it to log to another file.  If possible send me a zip copy of the module as installed on your server.  Send it to deds AT solutiongrove . com.  Note that I can only get to reviewing it when I have free time so I can't guarantee quick results as of the moment.

  • Hi there, I got the same problem... any solution or any hints?

    Greets