Hello list, We've been extensively using the Digest authentication with Matterhorn to integrate our home-made systems, particularly the Galicaster Capturer. However, we've seen that we are somehow unable to authenticate with the 1.3 release candidate.
This is an example script we are using for testing: echo "----------------------------------------------------------- > ------------------------------------------------------------ > ----------------------" > echo "-----------/welcome.html----------------------------------- > ------------------------------------------------------------ > ----------------------" > echo "----------------------------------------------------------- > ------------------------------------------------------------ > ----------------------" > curl -v -c cookies.txt $server"/welcome.html" \ > --get -H "X-Requested-Auth: Digest" \ > --digest --user $username:$password \ > echo "----------------------------------------------------------- > ------------------------------------------------------------ > ----------------------" > echo "-----------/info/me.json------------------------------ > ------------------------------------------------------------ > --------------------------" > echo "----------------------------------------------------------- > ------------------------------------------------------------ > ----------------------" > curl -v -b cookies.txt $server"/info/me.json" , where me.json could be any other Matterhorn endpoint. What happened in 1.2 is that we could use the cookie received in the "welcome.html" part to access to any other endpoints without further authentication. However, in 1.3 we DO get a cookie and the resource (the welcome.html page), but we remain being an anonymous user. That is surprising, because anonymous users are not supposed to log in the welcome page. On the other hand, we have seen that the integration tests perform the authentication process every time they call an endpoint, instead of obtaining a SESSIONID cookie once and then using it in the following calls (perhaps the http client tries, the authentication fails and it logs in again). I can't think of substantial changes in the authentication policy right now, but I'd be glad to hear from you if this is an intended behavior, if others can reproduce that problem and if you know of some changes in the code that may have caused this issue. Thanks in advance for you input Rubén
_______________________________________________ Matterhorn mailing list [email protected] http://lists.opencastproject.org/mailman/listinfo/matterhorn To unsubscribe please email [email protected] _______________________________________________
