Hi Scott/Jerome/Kevin and all.

There was a customisation added in the Tomcat which secured cookies on
request, which was the cause of this. Now we have commented it and the
issue is solved.

I am grateful for all of you, special thanks to Scott, Jerome who
spent valuable time helping me in this issue.

Thanks again!!

Best Regards,
Mckenzie

On Wed, Jan 9, 2013 at 1:06 PM, Fredrik Jönsson <f...@kth.se> wrote:
> I have missed some of the initial discussion so have patience with me if
> I'm writing something really stupid now, in particular I no longer have
> access to the HTTP trace you sent.
>
> I first thought I could replicate this, but realized I was mistaken. I
> first confused the *request cookie* the client sends on every GET to the
> login page when already authenticated, with a CASTGC without path which
> is alright since the path has no meaning in that case, with the
> *response cookie* the server sends when successfully authenticating,
> which does have path='/' set.
>
> Any possibility of you making the same mistake? Especially since you are
> working on localhost?
>
> Best regards,
> /Fredrik
>
> On Wed 2013-01-09 at 12:09 +0530, Mckenzie J wrote:
>> No Scott.. we are not using any special settings except for the
>> authentication, we have made changes to the deployerConfigContext.xml
>> to authenticate users with a database setup in a different machine.
>> But I reverted the changes and have also checked with the
>> SimpleTestUsernamePasswordAuthenticationHandler. Even then I can see a
>> duplicate cookie getting added on a refresh of the page.
>>
>> Now it is strange. What can be other places to look out for?
>>
>> Thanks,
>> Mckenzie
>>
>> On Wed, Jan 9, 2013 at 10:24 AM, Scott Battaglia
>> <scott.battag...@gmail.com> wrote:
>> > I just tried it with CAS Server 3.5.1 and the same Tomcat version you
>> > mentioned over SSL using Java 1.6 and I could not replicate your issue.
>> >
>> > Could there be anything special about your environment?
>> >
>> >
>> > On Tue, Jan 8, 2013 at 9:16 AM, Scott Battaglia <scott.battag...@gmail.com>
>> > wrote:
>> >>
>> >> Thanks!
>> >>
>> >> I'll try it tonight unless someone else on this thread tries it first.
>> >>
>> >>
>> >>
>> >> On Tue, Jan 8, 2013 at 8:31 AM, Mckenzie J <mck2...@gmail.com> wrote:
>> >>>
>> >>> http://www.jasig.org/cas_server_3_5_1_release
>> >>>
>> >>> Please click on download on the left for the zip file.
>> >>>
>> >>> Thanks,
>> >>> Mckenzie.
>> >>>
>> >>> On Tue, Jan 8, 2013 at 6:59 PM, Mckenzie J <mck2...@gmail.com> wrote:
>> >>> > Yeah, it is a typo. My bad. The version is 3.5.1 and not 3.3 - the
>> >>> > version is cas-server-webapp-3.5.1
>> >>> >
>> >>> > Thanks,
>> >>> > Mckenzie
>> >>> >
>> >>> > On Tue, Jan 8, 2013 at 6:52 PM, Scott Battaglia
>> >>> > <scott.battag...@gmail.com> wrote:
>> >>> >> Hi,
>> >>> >>
>> >>> >> Is that a typo or is it really CAS 3.3?  That download page you linked
>> >>> >> to doesn't exist any more.
>> >>> >>
>> >>> >> Not that I think 3.3 had this issue, but can you try a newer version
>> >>> >> since you're just copying the WAR:
>> >>> >> http://www.jasig.org/cas_server_3_5_1_release
>> >>> >>
>> >>> >> Thanks
>> >>> >> Scott
>> >>> >>
>> >>> >>
>> >>> >> On Tue, Jan 8, 2013 at 8:16 AM, Mckenzie J <mck2...@gmail.com> wrote:
>> >>> >>>
>> >>> >>> Scott,
>> >>> >>>
>> >>> >>> I downloaded the CAS module from the jasig website and deployed the
>> >>> >>> extracted cas war module into tomcat server webapps and made proper
>> >>> >>> changes of the server for SSL configuration to get the CAS up and
>> >>> >>> running. I did not follow WAR overlay method. We are making use of
>> >>> >>> Tomcat 6.0.29 and it is running on a linux machine.
>> >>> >>>
>> >>> >>> A description of the deployment steps I have followed:
>> >>> >>>
>> >>> >>> 1. Download CAS Server zip from
>> >>> >>> "http://www.ja-sig.org/products/cas/downloads/index.html".
>> >>> >>>
>> >>> >>> 2. Extract the zip file.
>> >>> >>>
>> >>> >>> 3. Download Apache Tomcat.
>> >>> >>>
>> >>> >>> 4. Copy "war folder" from "\cas-server-3.3\modules" folder and paste
>> >>> >>> it in "<<apache-tomcat-home>>\webapps" folder.
>> >>> >>>
>> >>> >>> 5. Open "<<apache-tomcat-home>>\conf\server.xml" and uncomment below
>> >>> >>> line.
>> >>> >>>
>> >>> >>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> >>> >>> maxThreads="150" scheme="https" secure="true" clientAuth="false"
>> >>> >>> sslProtocol="TLS" />
>> >>> >>>
>> >>> >>> 6. Start server.
>> >>> >>>
>> >>> >>> 7. Open browser and type "https://localhost:8443/cas/login". A login
>> >>> >>> form will be displayed.
>> >>> >>>
>> >>> >>> Thanks,
>> >>> >>> Mckenzie
>> >>> >>>
>> >>> >>>
>> >>> >>> On Tue, Jan 8, 2013 at 10:47 AM, Scott Battaglia
>> >>> >>> <scott.battag...@gmail.com> wrote:
>> >>> >>> > Mckenzie,
>> >>> >>> >
>> >>> >>> > Are you using the WAR overlay method for CAS deployments?  If so, can
>> >>> >>> > you privately send me the ZIP of the overlay (minus any sensitive
>> >>> >>> > passwords)?
>> >>> >>> >
>> >>> >>> > Also, what version of Tomcat are you using?
>> >>> >>> >
>> >>> >>> > Thanks
>> >>> >>> > Scott
>> >>> >>> >
>> >>> >>> >
>> >>> >>> > On Mon, Jan 7, 2013 at 11:57 PM, Mckenzie J <mck2...@gmail.com>
>> >>> >>> > wrote:
>> >>> >>> >>
>> >>> >>> >> Hi Jerome/Kevin,
>> >>> >>> >>
>> >>> >>> >> Please find the HTTP trace attached. This is the trace of the CAS war
>> >>> >>> >> (cas 3.5.1) deployed in a tomcat on a linux machine and there is no
>> >>> >>> >> custom code existing. I could see only 1 CAS TGC in the cookie
>> >>> >>> >> manager (the one with a slash / as set by the CAS code) but
>> >>> >>> >> interestingly I could see the second CASTGC getting added (one without
>> >>> >>> >> the slash /) when I refreshed the page.
>> >>> >>> >>
>> >>> >>> >> I have added the whole lot of HTTP watch from login to logout of this
>> >>> >>> >> scenario in the attached file.
>> >>> >>> >>
>> >>> >>> >> Kevin - Ideally we are having a pound server for our development work.
>> >>> >>> >> But now I think the behaviour is evident in the CAS itself. We are
>> >>> >>> >> seeing that the additional cookie gets added immediately on a refresh
>> >>> >>> >> of the page once logged in. If we are able to find the cause and fix
>> >>> >>> >> this, it will solve this for good. Please help.
>> >>> >>> >>
>> >>> >>> >> P.S. I am using FF 17.0.1 browser.
>> >>> >>> >>
>> >>> >>> >> Regards,
>> >>> >>> >> Mckenzie
>> >>> >>> >>
>> >>> >>> >> On Mon, Jan 7, 2013 at 7:12 PM, jleleu <lel...@gmail.com> wrote:
>> >>> >>> >> > Hi,
>> >>> >>> >> >
>> >>> >>> >> > I don't see anything strange in your logs.
>> >>> >>> >> > For your scenario: login/logout, can you trace all HTTP
>> >>> >>> >> > requests/responses with cookies to see when the second CASTGC is
>> >>> >>> >> > created and with what parameters? And post everything once again...
>> >>> >>> >> > Thanks,
>> >>> >>> >> > Jérôme
>> >>> >>> >> >
>> >>> >>> >> > --
>> >>> >>> >> > You are currently subscribed to cas-dev@lists.jasig.org as:
>> >>> >>> >> > mck2...@gmail.com
>> >>> >>> >> > To unsubscribe, change settings or access archives, see
>> >>> >>> >> > http://www.ja-sig.org/wiki/display/JSG/cas-dev
>> >>> >>> >>
>> >>> >>> >
>> >>> >>> >
>> >>> >>>
>> >>> >>>
>> >>> >>
>> >>>
>> >>>
>> >>
>> >
>>
>
>

Reply via email to
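
The distinction drawn in the thread between the CASTGC *request cookie* (name and value only) and the *response cookie* (carrying `Path`) can be checked mechanically over an HTTP trace. The following is an added example, not code from the thread or from CAS: the trace is constructed, and the re-issued `Set-Cookie` without `Path` is an assumed illustration of how a second CASTGC could appear, since the thread does not show the Tomcat customisation itself.

```python
from collections import defaultdict

# Constructed trace (not the HTTP capture from the thread): a login response,
# then a refresh where a hypothetical filter re-issues CASTGC without Path.
TRACE = [
    ("response", "/cas/login", "Set-Cookie: CASTGC=TGT-1-constructed; Path=/; Secure"),
    ("request",  "/cas/login", "Cookie: JSESSIONID=abc; CASTGC=TGT-1-constructed"),
    ("response", "/cas/login", "Set-Cookie: CASTGC=TGT-1-constructed; Secure"),
    ("request",  "/cas/login", "Cookie: CASTGC=TGT-1-constructed; CASTGC=TGT-1-constructed"),
]

def default_path(uri):
    """RFC 6265 section 5.1.4 default-path, used when Set-Cookie has no Path."""
    path = uri.split("?", 1)[0]
    if not path.startswith("/") or path.count("/") == 1:
        return "/"
    return path.rsplit("/", 1)[0]

def parse_set_cookie(value, uri):
    """Return (name, effective_path, path_was_explicit) for one Set-Cookie value."""
    first, *attrs = [p.strip() for p in value.split(";")]
    name = first.split("=", 1)[0]
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "path" and val.strip().startswith("/"):
            return name, val.strip(), True
    return name, default_path(uri), False

def analyse(trace):
    """Separate cookies the server set from cookies the client merely sent back."""
    set_paths = defaultdict(set)   # name -> effective paths seen in Set-Cookie
    sent_twice = set()             # names repeated inside one Cookie header
    for direction, uri, line in trace:
        header, _, value = line.partition(":")
        if direction == "response" and header.lower() == "set-cookie":
            name, path, _ = parse_set_cookie(value.strip(), uri)
            set_paths[name].add(path)
        elif direction == "request" and header.lower() == "cookie":
            # Request cookies never carry Path; a missing Path here means nothing.
            names = [p.split("=", 1)[0].strip() for p in value.split(";")]
            sent_twice.update(n for n in names if names.count(n) > 1)
    duplicates = {n: sorted(p) for n, p in set_paths.items() if len(p) > 1}
    return duplicates, sent_twice

if __name__ == "__main__":
    print(analyse(TRACE))
```

Only an entry in `duplicates` shows that the server created a second cookie; a `Cookie` request header without a path is expected and is not evidence of one.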