Andrew, I'm sorry if my previous message didn't make it through; I'd answered some of your questions/concerns in that message. Permissions are OK, I can write to filters using the apache user without a problem. I've also commented out the rewrite rules entirely and I'm trying to protect a local directory and get the helloCosign scripts to work, so the setup is extremely simple at this point - one server and one client running Cosign. It looks like you're right on the money, adding the "CosignCheckIP never" allows authentication to complete successfully and the service cookie is being issued.
I guess that leads to the question, why? Why is it necessary to do this even when I'm doing no redirection and simply trying straight authentication to a Cosign protected directory on my server? I appreciate having my hand held and walked down the path, but I'd like to also understand why this works now and didn't before (why the IP mismatch from the internal IP to the localhost IP).

Thanks again!

Josh

-----Original Message-----
From: Andrew Mortensen [mailto:[email protected]]
Sent: Tuesday, June 09, 2009 11:22 AM
To: Josh Campbell
Cc: [email protected]; [email protected]
Subject: Re: [Cosign-discuss] Cosign Apache Help

On Jun 9, 2009, at 12:58 AM, Josh Campbell wrote:

> Anyone? I'm still at a dead stop - can't figure this out. Why wouldn't the
> service cookies get created on the client server?

As I mentioned before, there are any number of reasons. First check permissions. I'm assuming you've verified that you can, as the Apache user, create and modify arbitrary files and directories in /var/cosign/filter. The filter should be logging errors if it has no access to /var/cosign/filter.

I've already described another scenario, in which validation of the cookie or destination URL fails. Having looked at your configuration files, I thought it might be a bad RewriteRule. Then I saw this in the logs you included:

[Fri Jun 05 00:28:21 2009] [error] mod_cosign: initial server ip info 172.16.XX.XXX does not match browser ip 127.0.0.1

You need to set "CosignIPChecking never" in the vhost context, and things should work. IP checking defaults to "initial". In most cases this won't be an issue, but your complicated test environment triggers the initial IP check error, and you aren't let into the protected service. It's likely you'd have run into a similar problem with cosign 2.1.
andrew
