Hi Ariel,
The fact that you can go through the authentication and get back to VCL logged
in means the Shibboleth authentication part is at least mostly working.
Can you log out of VCL and then ensure the VCLAUTH cookie has been deleted?
Then, in authentication.php, after line 94, which should be:
# $loginid|$remoteIP|$ts|$authtype|$shibauthid (shibauthd optional)
add
error_log("tmp: >{$tmp}<");
Next, log in and click somewhere that is giving an error. Finally, check
your php error log to see what the value of $tmp was. The >< characters are
just to provide some visual delimiters in the log file so you know if any
whitespace was included at the beginning or end. $tmp should be the values
associated with the variables listed on line 94 above. It sounds
like there's a problem with $shibauthid.
$shibauthid is related to a record inserted into the database that also
includes a value from $_SERVER['Shib-Session-ID']. Can you tell if Shib-
Session-ID is available in $_SERVER?
Josh
On Friday, September 25, 2020 12:39:03 PM EDT MARTINEZ, ARIEL wrote:
> I think I confused SHIB_AFFILIATION with AD groups. But I have now confirmed
> that the SHIB_AFFILIATION is being populated from my idp. I logged in
> locally to VCL and I saw it created an allusers group and a shib-member
> group, and the account I used to log in is a member of it. I gave it the
> same permissions as my AD group from the LDAP configuration and proceeded
> to test again. But I am still getting an error page after I log in.
>
> This time the httpd ssl_error_log logged the following, and no longer refers
> to shib affiliation:
>
> [Fri Sep 25 12:32:23.943499 2020] [:error] [pid 8232] [client
> 10.32.14.218:52076] PHP Notice: Undefined offset: 5 in
> /var/www/html/vcl-2.5.1/.ht-inc/authentication.php on line 110, referer:
> https://vcl.hostos.cuny.edu/vcl/ [Fri Sep 25 12:32:23.944325 2020] [:error]
> [pid 8232] [client 10.32.14.218:52076] You have an error in your SQL
> syntax; check the manual that corresponds to your MariaDB server version
> for the right syntax to use near '' at line 1\nSELECT ts FROM shibauth
> WHERE id = \nERROR(101): General MySQL error\nMode was
> viewRequests\n\n\nBacktrace:\n=-=-=-=-=-=-=-=-=-=-=-=\nCall#:1 =>
> index.php:initGlobals() (line#:60)\nCall#:2 => utils.php:readAuthCookie()
> (line#:172)\nCall#:3 => authentication.php:doQuery()
> (line#:114)\n\nBacktrace with Arguments:\n=-=-=-=-=-=-=-=-=-=-=-=\nCall#:1
> => index.php:initGlobals()
> (line#:60)\nArguments(none):\n-----------------------\nCall#:2 =>
> utils.php:readAuthCookie()
> (line#:172)\nArguments(none):\n-----------------------\nCall#:3 =>
> authentication.php:doQuery() (line#:114)\nArguments(2)\n\nArgument#: 1 =>
> SELECT ts FROM shibauth WHERE id = \nArgument#: 2 =>
> 101\n-----------------------\n, referer: https://vcl.hostos.cuny.edu/vcl/
> [Fri Sep 25 12:32:24.012667 2020] [:error] [pid 8232] [client
> 10.32.14.218:52076] PHP Fatal error: Call to undefined function
> getFooter() in /var/www/html/vcl-2.5.1/.ht-inc/utils.php on line 14234,
> referer: https://vcl.hostos.cuny.edu/vcl/
>
> ________________________________
> From: MARTINEZ, ARIEL
> Sent: Thursday, September 24, 2020 3:29 PM
> To: [email protected]
> Subject: RE: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
>
> Hi Mike,
>
> Just to understand better, I intend to use Active Directory groups to handle
> permissions in VCL. I already have some defined in a VCL affiliation that
> is configured for LDAP. How would I go about configuring the same via the
> Shibboleth login? Would I need to add SHIB_AFFILIATION values into the VCL
> configuration?
>
> I was trying to just use the ldap memberof attribute and transform the claim
> in my idp to SHIB_AFFILIATION, but I’m not sure if that is what VCL
> requires or is expecting, as each of our users would have multiple values.
>
> Thanks
>
> From: Mike Jennings <[email protected]>
> Sent: Thursday, September 24, 2020 2:53 PM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
> Importance: Low
>
> You will need to go into your attribute map and change affiliation to
> shib_affiliation like you did for shib_eppn. This should make the
> attributes map correctly.
>
> Mike
>
> On Mon, Sep 24, 2020 at 1:28 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> I have more troubleshooting information that may help. In shib.conf, I created a
> location block as follows:
>
> <Location /vcl>
> AuthType shibboleth
> ShibRequestSetting requireSession false
> require shibboleth
> </Location>
>
> Doing so allows me to log into VCL, but when I click on any of the menu
> items I get a VCL error page: " An error has occured. If this problem
> persists, please email [email protected]
> for further assistance. Please include the steps you took that led up to
> this problem in your email message."
>
> In the ssl_error_log inside of /var/log/httpd I see the following, in which the
> first error is "undefined index: SHIB_AFFILIATION". I checked the
> affiliation database and it did create an entry on its own.
>
> [Thu Sep 24 13:21:01.827984 2020] [:error] [pid 15823] [client
> 10.32.14.218:56400] PHP Notice: Undefined
> index: SHIB_AFFILIATION in
> /var/www/html/vcl-2.5.1/.ht-inc/authmethods/shibauth.php on line 180,
> referer: https://login.hostos.cuny.edu/ [Thu Sep 24 13:21:15.542646 2020]
> [:error] [pid 15820] [client 10.32.14.218:56406]
> PHP Notice: Undefined offset: 5 in
> /var/www/html/vcl-2.5.1/.ht-inc/authentication.php on line 110, referer:
> https://vcl.hostos.cuny.edu/vcl/ [Thu Sep 24 13:21:15.543446 2020] [:error]
> [pid 15820] [client 10.32.14.218:56406] You have
> an error in your SQL syntax; check the manual that corresponds to your
> MariaDB server version for the right syntax to use near '' at line
> 1\nSELECT ts FROM shibauth WHERE id = \nERROR(101): General MySQL
> error\nMode was
> viewRequests\n\n\nBacktrace:\n=-=-=-=-=-=-=-=-=-=-=-=\nCall#:1 =>
> index.php:initGlobals() (line#:60)\nCall#:2 => utils.php:readAuthCookie()
> (line#:172)\nCall#:3 => authentication.php:doQuery()
> (line#:114)\n\nBacktrace with Arguments:\n=-=-=-=-=-=-=-=-=-=-=-=\nCall#:1
> => index.php:initGlobals()
> (line#:60)\nArguments(none):\n-----------------------\nCall#:2 =>
> utils.php:readAuthCookie()
> (line#:172)\nArguments(none):\n-----------------------\nCall#:3 =>
> authentication.php:doQuery() (line#:114)\nArguments(2)\n\nArgument#: 1 =>
> SELECT ts FROM shibauth WHERE id = \nArgument#: 2 =>
> 101\n-----------------------\n, referer: https://vcl.hostos.cuny.edu/vcl/
> [Thu Sep 24 13:21:15.610025 2020] [:error] [pid 15820] [client
> 10.32.14.218:56406] PHP Fatal error: Call to
> undefined function getFooter() in /var/www/html/vcl-2.5.1/.ht-inc/utils.php
> on line 14234, referer: https://vcl.hostos.cuny.edu/vcl/
>
> ________________________________
> From: MARTINEZ, ARIEL
> Sent: Thursday, September 24, 2020 11:36 AM
> To: [email protected]
> Subject: RE: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
>
> I finally got Shibboleth to work properly on the default /secure directory,
> and the Shibboleth attributes in $_SERVER are now present, including
> SHIB_EPPN. However, after authenticating, I am still getting back to the
> VCL login page.
>
> I double checked the httpd.conf and shib.conf for any other blocks that may
> be enforcing Shibboleth and the only one is in .htaccess in the /vcl
> directory with the following lines:
>
> AuthType shibboleth
> ShibRequireSession Off
> require shibboleth
>
> In the affiliation database I set the shibname back to null on an existing
> affiliation, so everything is back to default settings per se.
>
>
> Should I retry the shibboleth instructions using the /shibauth directory or
> do you think I should try something else?
>
> Thanks
>
> From: Mike Jennings <[email protected]>
> Sent: Monday, September 14, 2020 6:21 PM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
> Importance: Low
>
> You might want to look at this documentation
>
> Mike
>
> https://wiki.shibboleth.net/confluence/display/SP3/ADFS
>
> On Mon, Sep 14, 2020 at 6:17 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> The idp is ADFS. I don't see a RequestMap block in shibboleth2.xml so I attached a
> copy replacing values with MYDOMAIN
>
> Thanks
>
> ________________________________
>
> From: Mike Jennings <[email protected]>
> Sent: Monday, September 14, 2020 5:59 PM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
>
> Can you tell me what your RequestMap section looks like in your
> shibboleth2.xml file?
>
> On Mon, Sep 14, 2020 at 5:57 PM Mike Jennings
> <[email protected]> wrote:
>
> Nope you should not....
>
> Are you running a shibboleth idp or an ADFS?
>
> Mike
>
> On Mon, Sep 14, 2020 at 5:18 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> Tried that, but same result.
>
> In Shibboleth2.xml file, should REMOTE_USER = “eduPersonPrincipalName” be
> changed to SHIB_EPPN as well?
>
> Thanks
>
> From: Mike Jennings <[email protected]>
> Sent: Monday, September 14, 2020 5:14 PM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
> Importance: Low
>
> try setting ShibRequireSession On
>
> Mike
>
> On Mon, Sep 14, 2020 at 5:07 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> I made the change but it still doesn’t show up in $_SERVER.
> Shibboleth.sso/Session now shows SHIB_EPPN for the attribute name after
> updating the attribute map xml
>
> Thanks
>
> From: Mike Jennings <[email protected]>
> Sent: Monday, September 14, 2020 5:02 PM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
> Importance: Low
>
> Yes, after checking the attribute-map.xml file that you sent me, change the
> eppn lines to SHIB_EPPN and then reboot the shibd process....
>
> This should pick up the changes in the attribute map and make things work.
>
> Mike
>
> On Mon, Sep 14, 2020 at 5:00 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> Yes, I looked through the shibd.log initially and it looked normal, no errors
> that would give a clue to what is happening. I have a test.php file in the
> vcl directory and it prints out many variables except for anything related
> to Shibboleth. I've attached the attribute-map.xml file.
>
> Thanks
>
> ________________________________
>
> From: Mike Jennings <[email protected]>
> Sent: Monday, September 14, 2020 4:46 PM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
>
> Have you looked for any errors in the shibd.log or the transaction.logs of
> the shibboleth service provider?
>
> Also have you tried to add a php file to dump the data in the vcl directory
> that contains
>
> <?php print_r($_SERVER) ?>
>
> and what does that print out
>
> Also can you send me a copy of your attribute-map.xml file
>
> Mike
>
> On Mon, Sep 14, 2020 at 4:35 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> Hi Mike,
>
> Both Shibboleth.sso/Status and Shibboleth.sso/Session indicate that the
> Shibboleth SP appears to be running correctly. I can see eppn, mail and
> displayname (haven’t included affiliation) in the session after
> authenticating.
>
> I just can’t figure out why the $_SERVER variable does not have any
> Shibboleth data even though the session is established. Because of this,
> the authentication in VCL is not working.
>
> I have a .htaccess file in /var/www/html/vcl directory with the following:
>
> Authtype shibboleth
> ShibRequireSession off
> Require shibboleth
>
> So when I select the configured SSO option in the VCL login, I get
> redirected to my identity provider and it gets redirected back to the /vcl
> webpage but it doesn’t log in.
>
> Thanks
>
> From: Mike Jennings <[email protected]>
> Sent: Monday, September 14, 2020 11:17 AM
> To: [email protected]
> Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication
> Importance: Low
>
> Martinez,
>
> Sorry I am a little late to the game here.
>
> It has been a long time since I have worked with a Shibboleth SP.
>
> I am currently assuming that you have setup the Shibboleth SP on an Apache
> HTTPS server.
>
> I am assuming that you can do the initial test correctly
>
> You can test to ensure that the SP is running properly and the surrounding
> environment is correct by accessing https://localhost/Shibboleth.sso/Status
> from the actual web server machine. You MUST use "localhost" as the
> hostname or it WILL NOT WORK by default. If this test is successful, then
> the software is ready for further configuration.
>
> You can also access the Status handler from other clients or using a
> non-localhost name, but only if you change the acl parameter in the
> configuration to permit your client address or remove it entirely to open
> up access to anybody. The ACL is present by default because the Status
> handler can return some arguably sensitive information about your
> configuration.
>
> You have the attribute-map.xml configured correctly. You might need to
> contact the Shibboleth IdP Administrator to verify he is releasing
> attributes to your sp and what values need to be modified in that file.
>
> Thanks,
>
> Mike Jennings
>
> On Fri, Sep 11, 2020 at 7:48 PM MARTINEZ, ARIEL
> <[email protected]> wrote:
>
> Hi Josh,
>
> Thanks for this info. The problem is that there is no 'SHIB_EPPN' in the
> $_SERVER array. There is no other Shibboleth related entry other than the
> shib session string HTTP_COOKIE.
>
> Not sure how to correct this. How can the required entry be made to be
> included in the array?
>
> Thanks
>
> On Sep 11, 2020 5:39 PM, Josh Thompson
> <[email protected]> wrote:
--
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found on pool.sks-keyservers.net
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
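As an added example (not VCL's own code, and not something Josh or Ariel posted), here is a hypothetical PHP parser for the VCLAUTH cookie payload Josh describes ($loginid|$remoteIP|$ts|$authtype|$shibauthid). It refuses the cookie when the optional shibauthid field is missing or malformed, so an empty id never reaches "SELECT ts FROM shibauth WHERE id = " as in Ariel's log, and looks the record up with a bound parameter. The 'shibboleth' authtype token, the helper names and the in-memory SQLite stand-in for the shibauth table are assumptions.

```php
<?php
// Added illustration, not VCL's own code: a hypothetical re-implementation
// of the VCLAUTH cookie parsing described in the thread, written to fail
// closed when the optional $shibauthid field is missing instead of running
// "SELECT ts FROM shibauth WHERE id = " with an empty id.
declare(strict_types=1);

// Assumed field order, taken from the comment quoted in the thread:
//   $loginid|$remoteIP|$ts|$authtype|$shibauthid   (shibauthid optional)
// Assumption: the authtype value for Shibboleth logins is the string
// 'shibboleth'; VCL may use a different token.
function parseAuthCookie(string $tmp): ?array
{
    $parts = explode('|', $tmp);
    if (count($parts) < 4 || in_array('', array_slice($parts, 0, 4), true)) {
        error_log("auth cookie: malformed payload >{$tmp}<");
        return null;                       // fail closed: treat as not logged in
    }
    [$loginid, $remoteIP, $ts, $authtype] = $parts;
    if (!ctype_digit($ts) || filter_var($remoteIP, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $shibauthid = null;
    if ($authtype === 'shibboleth') {
        // A Shibboleth login cannot be validated without its shibauth record, so
        // an absent, non-numeric or whitespace-padded id is a refusal, not an empty WHERE.
        if (!isset($parts[4]) || !ctype_digit($parts[4])) {
            error_log("auth cookie: shibboleth login without shibauthid >{$tmp}<");
            return null;
        }
        $shibauthid = (int) $parts[4];
    }
    return ['loginid' => $loginid, 'remoteIP' => $remoteIP, 'ts' => (int) $ts,
            'authtype' => $authtype, 'shibauthid' => $shibauthid];
}

// Looks up the shibauth timestamp with a bound parameter so the id can never
// alter the SQL text; returns null for an unknown id.
function shibSessionTs(PDO $db, int $shibauthid): ?int
{
    $stmt = $db->prepare('SELECT ts FROM shibauth WHERE id = :id');
    $stmt->execute([':id' => $shibauthid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['ts'];
}

// Constructed demo data: an in-memory SQLite stand-in for the shibauth table.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE shibauth (id INTEGER PRIMARY KEY, ts INTEGER NOT NULL)');
$db->exec('INSERT INTO shibauth (id, ts) VALUES (7, 1601051543)');

foreach (['42|192.0.2.10|1601051543|shibboleth|7',      // complete cookie -> ts found
          '42|192.0.2.10|1601051543|shibboleth',        // shibauthid missing -> rejected
          '42|192.0.2.10|1601051543|shibboleth|x7'] as $payload) {  // non-numeric -> rejected
    $c  = parseAuthCookie($payload);
    $ts = ($c !== null && $c['shibauthid'] !== null) ? shibSessionTs($db, $c['shibauthid']) : null;
    printf("%-45s -> %s\n", $payload, $ts === null ? 'rejected' : "shibauth ts $ts");
}
```

Only the first payload reaches the database; the other two are refused before any query is built, which is the branch the "Undefined offset: 5" notice and the broken SELECT in Ariel's log show was missing.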