Hi Jarod, You are exactly right. What we figured out was that the page we set as the destination page after successful login, which is a .NET asp page, was trashing the cosign cookie. As soon as we tried a regular HTML page as the destination, Cosign works as expected.
Thanks for your help, Mike -----Original Message----- From: Jarod Malestein [mailto:[email protected]] Sent: Friday, April 03, 2009 5:35 PM To: Magee, Mike # Atlanta Cc: [email protected] Subject: Re: [Cosign-discuss] IISCosign filter blocks access even though user authenticated Mike, > [2056] OnPreprocHeaders(): Could not get cookie. This line is not an indication of failure. It only means the filter will try create a new login cookie and redirect a user to the login server. Have you tried loading the cosigndbg.dll or cosigntrace.dll? These will produce even more verbose output that will, hopefully, make it easier to figure out exactly where the IIS filter is misbehaving. Jarod On Apr 2, 2009, at 3:22 PM, Magee, Mike # Atlanta wrote: > Hi, > I am currently wrestling with an IISCosign filter problem - even > though the user has logged in successfully, the filter do not allow > access to the target website : > > Extract from weblogin server /var/log/messages: > ---- > Apr 2 15:00:21 hostname cosignd[27874]: connect: 192.168.137.72 Apr > 2 15:00:21 hostname cosignd[27874]: STARTTLS 192.168.137.72 2 > atldev-sso1.atltest.int Apr 2 15:00:21 hostname cosignd[27874]: > REGISTER mageemi ATLSSO1-DEV.COM 192.168.142.118 cosign-IISCosignRH > ---- > > The IISCosign filter does not display the requested website, but > always returns to the website as specified on the line <SiteEntry> in > the config.config.dll file (/portal/rh_portalwide.html): > > Extract from DebugView on IIS web server: > ---- > [2056] url="/AWP/Login.aspx" > [2056] g_cs.cs_sl.getProtectedStatus( "atldev-sso2.atltest.int", 1, > "/AWP/Login.aspx" ) [2056] FOLDERDATA: deleting (null) [2056] Got the > status and it is 1 [2056] /AWP/Login.aspx is PROTECTED. > [2056] Setting COSIGN_SERVICE server variable. > [2056] Done setting COSIGN_SERVICE server variable. > [2056] OnPreprocHeaders(): Could not get cookie. > [2056] REQUEST_METHOD = GET. > [2056] Here's the URL: > https://atldev-sso1.atltest.int/cosign-bin/cosign.cgi?cosign-IISCosign > RH > =yOB5SprWIvfob+iu9OGSrX- > uppzcMRzOsa7XaRVTcvWxaeAwAeguCPUVwdwXVy5AgWHQ8Ry > sCIWKlEEc2uLkJTNkHs77jgDUKWqKxJL4J2+33NlgrdvmQjHZtlHN&http://atldev- > sso2 > .atltest.int/portal/rh_portalwide.html > [2056] Added the response headers: > [2056] Set-Cookie: > cosign-IISCosignRH=yOB5SprWIvfob+iu9OGSrX- > uppzcMRzOsa7XaRVTcvWxaeAwAeguC > PUVwdwXVy5AgWHQ8RysCIWKlEEc2uLkJTNkHs77jgDUKWqKxJL4J2 > +33NlgrdvmQjHZtlHN; > path=/;secure > [2056] Location: > https://atldev-sso1.atltest.int/cosign-bin/cosign.cgi?cosign-IISCosign > RH > =yOB5SprWIvfob+iu9OGSrX- > uppzcMRzOsa7XaRVTcvWxaeAwAeguCPUVwdwXVy5AgWHQ8Ry > sCIWKlEEc2uLkJTNkHs77jgDUKWqKxJL4J2+33NlgrdvmQjHZtlHN&http://atldev- > sso2 > .atltest.int/portal/rh_portalwide.html > [2056] > [2056] > [2056] url="/portal/new3.css" > [2056] g_cs.cs_sl.getProtectedStatus( "atldev-sso2.atltest.int", 1, > "/portal/new3.css" ) [2056] FOLDERDATA: deleting (null) [2056] Got the > status and it is -1 [2056] /portal/new3.css is UNPROTECTED. > > > Is this perhaps because the IISCosign server is unable to get the > cookie > (see 8th line above) or is it some configuration issue? - attaching > cosign.config.dll file. > > Thanks, > Mike > < > cosign > .dll > .config > > > ------------------------------------------------------------------------ ------ > _______________________________________________ > Cosign-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------------------ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
