On Nov 11, 2009, at 3:09 PM, Jarod Malestein wrote:

> 
> Common causes of browser looping:
> 
> By default, the cosign service cookies are marked as secure, and will  
> not be transmitted over http connections.  The recommend solution is  
> to redirect http requests for cosign-protected pages to the https  
> equivalent.  You can also remove the "secure" flag in the settings,  
> but this is, of course, insecure.  In the cosign.dll.config file for  
> the IIS 6 filter look for the <cookies><secure> option and set it to  
> false.
> 
> Outgoing connections on port 6663 are being blocked and the filter  
> cannot communicate with the weblogin server.
> 
> There is an expired or untrusted certificate being used on either the  
> cosign-protected web server or on the weblogin server.

And in a cosign 3.0 environment:

Your service certificate does not have access to the service cookie in 
question, and so cannot validate the service cookie, cosignd will log this when 
it occurs.

You have /cosign/valid cosign-protected, so the filter cannot validate and set 
the service cookie. This is easier to detect using, as Mark suggested, 
Firefox's Live HTTP Headers add-on.

cosignd should log to /var/log/system.log on Mac OS X.

andrew

> On Nov 11, 2009, at 3:01 PM, Mark Montague wrote:
> 
>> On Wed, Nov 11, 2009 2:42 PM, =?gb2312?B?zsTXvyDVxQ==?= 
>> <andrew...@hotmail.com 
>>> wrote:
>>> The filter redirects to the protected page after validation handler  
>>> is done.
>>> But it seems that the filter cannot find the cookies somehow, then  
>>> it redirects to weblogin server again, going in a loop.
>>> At this point I cannot find more about the problem.
>> 
>> Use Live HTTP Headers or a similar tool to observe the HTTP requests  
>> and responses.  Let us know what the sequence of specific URLS are.
>> 
>> 
>>> Another thing, i cannot find cosignd log on a mac. There is no  
>>> syslog.log on mac os.
>>> Just wondering where the cosignd could write to.
>> 
>> The Mac is your central weblogin server, correct?  cosignd should  
>> not be run on a normal server that serves cosign-protected web pages.
>> 
>> I don't know if anyone has successfuly run a central weblogin server  
>> on a Mac.  There might be changes that are needed to the source code  
>> to make it work.  Out of the box, cosignd will log using the  
>> "daemon" facility.  This does not appear to exist on MacOS 10.5;  
>> have you modified the code?  syslog messages that are logged without  
>> a facility under MacOS X appear in /var/log/system.log
>> 
>> 
>>                Mark Montague
>>                ITS Web/Database Team
>>                The University of Michigan
>> 
>> markm...@umich.edu
>> 
>> 
>> 
> 
> 
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
> trial. Simplify your report design, integration and deployment - and focus on 
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
> 
> !DSPAM:4afb1a69170642560778728!
> 
> 
> 


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to