On Thu, Jul 23, 2009 8:51 AM, Joe DeLuca <[email protected]> wrote:
> Upgrading our Cosign filter to v3 on a RHEL machine running Apache.
> Upgrade worked fine on 2 of the servers I manage, but not so well on the 
> third.  The browser is getting stuck in a re-direct loop.
>
> The issue I suspected was that the CN of my cert is different from the 
> site name (don't ask, I inherited this server).  This did not present an 
> issue with the v2 filter and the main system support team has assured me 
> that I should be able to use the existing cert.  But, I've checked 
> everything I know to check and have compared the config to that of my 
> other machines that are playing nicely with Cosign 3.  I've got 
> nothing.  Any ideas?
>   

What are the URLs that your browser is looping between?  Using the Live 
HTTP Headers add-on for Firefox can give you a lot of useful information 
and show you exactly where in the authentication process things are 
going awry.  Also be sure to check your web server access logs and error 
logs, and ask the people who run your central weblogin servers to check 
their web server access logs and cosignd logs.

Whether the CN of your cert is an issue will depend on the policies of 
your local institution and what sorts of service lines have been set up 
in cosign.conf on the central weblogin servers.  It's possible to have 
general, or "default" service entries, that apply to everyone but which 
may require adherence to certain standards or policies.  It's also 
possible to have service-specific service entries (which some people 
refer to as "exceptions" to the general policy, if one exists) that 
apply only to a specific cosign-protected web server and permit it to 
use a specific CN, service name, and/or validation URL.

                Mark Montague
                ITS Web/Database Team
                The University of Michigan
                [email protected]



------------------------------------------------------------------------------
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
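
Added example, not part of the original message or of the Cosign project: one way to answer "which URLs is the browser looping between" from a saved header capture. The transcript layout, hostnames, paths and query values are constructed placeholders, and treating "the same endpoint answered with a redirect twice" as a loop is an assumption of this sketch.

```python
from urllib.parse import urlsplit

# Constructed transcript, NOT from the thread: hosts, paths and query values are
# placeholders; the "GET url" / "status location" layout is a simplified capture.
SAMPLE = """\
GET https://app.example.edu/private/
302 https://login.example.edu/auth?svc=app&back=/private/
GET https://login.example.edu/auth?svc=app&back=/private/
302 https://app.example.edu/validate?token=aaa111&back=/private/
GET https://app.example.edu/validate?token=aaa111&back=/private/
302 https://app.example.edu/private/
GET https://app.example.edu/private/
302 https://login.example.edu/auth?svc=app&back=/private/
GET https://login.example.edu/auth?svc=app&back=/private/
302 https://app.example.edu/validate?token=bbb222&back=/private/
"""

def parse_hops(text):
    """Return [(requested_url, status, location_or_None), ...] from the transcript."""
    hops, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["GET"] and len(parts) > 1:
            current = parts[1]
        elif parts and parts[0].isdigit() and current is not None:
            location = parts[1] if len(parts) > 1 else None
            hops.append((current, int(parts[0]), location))
            current = None
    return hops

def endpoint(url):
    """Host and path only: query strings carry per-attempt values that hide a loop."""
    u = urlsplit(url)
    return f"{u.netloc}{u.path}"

def find_loop(hops):
    """Return the repeating endpoint cycle, or None if no endpoint redirects twice."""
    # Only redirect responses count: the original URL answering 200 after one
    # round trip through login is the normal flow, not a loop.
    redirects = [endpoint(u) for u, status, _ in hops if 300 <= status < 400]
    first_seen = {}
    for i, ep in enumerate(redirects):
        if ep in first_seen:
            return redirects[first_seen[ep]:i]
        first_seen[ep] = i
    return None

if __name__ == "__main__":
    print(" -> ".join(find_loop(parse_hops(SAMPLE)) or ["no loop"]))
```

The hop that restarts the cycle is the one to look up in that server's access and error logs.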
