Hi, Andrew:
My comments below:
On Wed, Dec 4, 2013 at 4:05 PM, Andrew Mortensen <and...@weblogin.org>wrote:
>
> On Dec 4, 2013, at 1:50 PM, Zhen Qian <zq...@umich.edu> wrote:
>
> > Hi, Andrew:
> >
> > Thanks for your reply. Here are my answers:
> >
> > >> Do you have workflow 1 or 2 implemented? From your description it
> sounds like you're using workflow 1.
> >
> > We have a mix of #1 and #2 deployment now:
> >
> > serviceB is configured to look for any incoming cosign cookies and will
> pass them along. It will also look for any associated proxy cookie files
> and pass the cookies inside. This means serviceA sends both proxy cookies
> for serviceB and serviceC over to serviceB. serviceB will also check if
> there are proxy cookies to pass and send those.
>
> So you're sending the service B *and* C cookie in the Cookie header to
> service B? That's a variation of workflow 2. But service B's app is
> expecting to get the service C cookie from
> /var/cosign/proxy/cosign-serviceB=COOKIE_VALUE. That's workflow 1.
>
> The design seems fishy to me. How's service B handling the proxied cookies
> being passed to it?
>
ServiceB is in mixed mode of #1 and #2 now, since we don't know which way
would work.
Service B currently configured to look for any incoming cosign cookies and
will pass them along. It will also look for any associated proxy cookie
files and pass the cookies inside. This means that multiple cookies are
attached to the request (e.g. one for serviceB, one for serviceC), both
will be passed along. It will also check if there are proxy cookies to pass
and send those. This means we would be sending 4-5 cookies at serviceC ,
but this seems alright in practice.
>
> > The result is serverA gets "Unable to locate the proxy cookie for
> service" status message from serviceB. So I guess it is due to the serviceB
> cannot use the proxy cookie from serviceA to locate the proxy cookie file,
> and furthermore the proxy cookie for serviceC is not effective.
>
> Does it work if you *only* send the service B cookie?
>
The workflow works if I attached the proxy cookie to serviceB I got from
browser by login in to serviceB web interface. So this means that serviceB
can use that proxy cookie, locate the proper proxy cookie file locally in
/var/cosign/proxy, and find the cookie for serviceC and pass it along.
>
> > I do not have access to serviceB log files. And the developer there is
> out for this week.
>
> Can't help you there.
No problem :)
Are you working in UMich? Will you be able to help with the CoSign proxy
cookie setting?
Thanks,
- Zhen
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
