FWIW, in our experience, loops like this have been caused by * Cosign cert not authorized by Cosign server * /cosign/valid directory forbidden
Cory Snavely UM Library IT Core Services On Thu, 2009-07-23 at 11:01 -0400, Mark Montague wrote: > On Thu, Jul 23, 2009 8:51 AM, Joe DeLuca <[email protected]> wrote: > > Upgrading our Cosign filter to v3 on RHEL machine running apache. > > Upgrade worked fine on 2 of the servers I manage, but not so well on the > > third. The browser is getting stuck in a re-direct loop. > > > > The issue I suspected was that the CN of my cert is different from the > > site name (don't ask, I inherited this server). This did not present an > > issue with the v2 filter and the main system support team has assured me > > that I should be able to use the existing cert. But, I've checked > > everything I know to check and have compared the config to that of my > > other machines that are playing nicely with Cosign 3. I've got > > nothing. Any ideas? > > > > What are the URLs that your browser is looping between? Using the Live > HTTP Headers add-on for Firefox can give you a lot of useful information > and show you exactly where in the authentication process things are > going awry. Also be sure to check your web server access logs and error > logs, and ask the people who run your central weblogin servers to check > their web server access logs and cosignd logs. > > Whether the CN of your cert is an issue will depend on the policies of > your local institution and what sorts of service lines have been set up > in cosign.conf on the central weblogin servers. It's possible to have > general, or "default" service entries, that apply to everyone but which > may require adherence to certain standards or policies. It's also > possible to have service-specific service entries (which some people > refer to as "exceptions" to the general policy, if one exists) that > apply only to a specific cosign-protected web server and permit it to > use a specific CN, service name, and/or validation URL. > > Mark Montague > ITS Web/Database Team > The University of Michigan > [email protected] > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Cosign-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------------------ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
