On Nov 11, 2009, at 3:09 PM, Jarod Malestein wrote: > > Common causes of browser looping: > > By default, the cosign service cookies are marked as secure, and will > not be transmitted over http connections. The recommend solution is > to redirect http requests for cosign-protected pages to the https > equivalent. You can also remove the "secure" flag in the settings, > but this is, of course, insecure. In the cosign.dll.config file for > the IIS 6 filter look for the <cookies><secure> option and set it to > false. > > Outgoing connections on port 6663 are being blocked and the filter > cannot communicate with the weblogin server. > > There is an expired or untrusted certificate being used on either the > cosign-protected web server or on the weblogin server.
And in a cosign 3.0 environment: Your service certificate does not have access to the service cookie in question, and so cannot validate the service cookie, cosignd will log this when it occurs. You have /cosign/valid cosign-protected, so the filter cannot validate and set the service cookie. This is easier to detect using, as Mark suggested, Firefox's Live HTTP Headers add-on. cosignd should log to /var/log/system.log on Mac OS X. andrew > On Nov 11, 2009, at 3:01 PM, Mark Montague wrote: > >> On Wed, Nov 11, 2009 2:42 PM, =?gb2312?B?zsTXvyDVxQ==?= >> <andrew...@hotmail.com >>> wrote: >>> The filter redirects to the protected page after validation handler >>> is done. >>> But it seems that the filter cannot find the cookies somehow, then >>> it redirects to weblogin server again, going in a loop. >>> At this point I cannot find more about the problem. >> >> Use Live HTTP Headers or a similar tool to observe the HTTP requests >> and responses. Let us know what the sequence of specific URLS are. >> >> >>> Another thing, i cannot find cosignd log on a mac. There is no >>> syslog.log on mac os. >>> Just wondering where the cosignd could write to. >> >> The Mac is your central weblogin server, correct? cosignd should >> not be run on a normal server that serves cosign-protected web pages. >> >> I don't know if anyone has successfuly run a central weblogin server >> on a Mac. There might be changes that are needed to the source code >> to make it work. Out of the box, cosignd will log using the >> "daemon" facility. This does not appear to exist on MacOS 10.5; >> have you modified the code? syslog messages that are logged without >> a facility under MacOS X appear in /var/log/system.log >> >> >> Mark Montague >> ITS Web/Database Team >> The University of Michigan >> >> markm...@umich.edu >> >> >> > > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Cosign-discuss mailing list > Cosign-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/cosign-discuss > > !DSPAM:4afb1a69170642560778728! > > > ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
