On Feb 28, 2014, at 3:10 PM, Luke Palnau <lpal...@umich.edu> wrote: > Thanks Andrew, > > DebugView doesn't seem to be getting any trace statements when I run as admin > on the webserver. Do I need to turn something on to get these trace > statements to show up in DebugView (I have selected all the capture options)? > > I've attached the successful FF login sanitized headers and the failing IE > login sanitized headers. Fwiw, when I copy the location header and paste it > in my IE address bar the login finishes successfully. There may be a subtle > difference between the headers but nothing obvious stands out to me at an > initial glance.
It looks to me like IE's not even making the request for the /cosign/valid URL on your protected server. The capture shows it receiving the 302 redirect, and then nothing. Compare with the Firefox headers, where FF receives the 302, and subsequently sends the GET for /cosign/valid. That smells like IE's security zones settings preventing the redirect from actually taking place. Can you take a look to see if those settings are somehow interfering? (See: http://stackoverflow.com/questions/11889759/what-can-cause-ie9-to-fail-on-a-redirect) andrew > On Fri, Feb 28, 2014 at 10:11 AM, Andrew Mortensen <and...@weblogin.org> > wrote: > > On Feb 27, 2014, at 5:14 PM, Luke Palnau <lpal...@umich.edu> wrote: > > > Anyone running IIS Cosign run into issues with Internet Explorer failing to > > get redirected from the .../cosign/valid.. url to the destination url and > > getting logged in, instead it just sits at .../cosign/valid... with an > > empty response. I ask because Chrome/FF seem to not experience the issue > > that I'm seeing with Internet Explorer 10 & 9 and > > https://devweb.dev.umich.edu. > > Take a look at the requests and responses involved after installing the > ieHTTPHeaders explorer bar: > > http://www.blunck.info/iehttpheaders.html > > Compare traffic there with traffic captured using FF's Live HTTP headers > add-on. Does it stop with an error > > I do know that IE has traditionally had a lower limit for maximum number of > redirects than the other major browsers. If I'm remembering right, IE's max > was 10 redirects, where Firefox, for example, would allow up to 20. > > The other thing to do is install DebugView on your IIS server, and see if the > cosign module's throwing an error internally. If it is, post the sanitized > debug log to the list. > > andrew > > <sanitized-FF.txt><sanitized-IE10.txt>
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
