On Jun 9, 2009, at 11:25 PM, Josh Campbell wrote: > It looks like you're > right on the money, adding the "CosignCheckIP never" allows > authentication > to complete successfully and the service cookie is being issued. > > I guess that leads to the question, why? Why is it necessary to do > this > even when I'm doing no redirection and simply trying straight > authentication > to a Cosign protected directory on my server? I appreciate having > my hand > held and walked down the path, but I'd like to also understand why > this > works now and didn't before (why the IP mismatch from the internal > IP to the > localhost IP).
I don't know why. mod_cosign isn't the problem here, it's the resolver. For some reason your central login server believes your IP address is in the 172 private space, and the remote IP available to mod_cosign (as store in Apache's data structures) when you visit the protected service is the loopback address, 127.0.0.1. You shouldn't have a problem with an environment that doesn't depend on the loopback device. andrew ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
