Send modauthtkt-users mailing list submissions to
        modauthtkt-users@lists.sourceforge.net


Today's Topics:

   1. Re: Cookie/redirect problems (Gavin Carr)
   2. Apache::AuthTkt and setting bits (Michael Peters)
   3. Re: Apache::AuthTkt and setting bits (Michael Peters)
   4. cookie missing for IE client but not Firefox. (Qiang Lee)
   5. Re: cookie missing for IE client but not Firefox. (Michael Peters)
   6. Re: cookie missing for IE client but not Firefox. (Qiang Lee)
   7. Re: cookie missing for IE client but not Firefox. (Michael Peters)


----------------------------------------------------------------------

Message: 1
Date: Fri, 28 Sep 2007 09:06:01 +1000
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Cookie/redirect problems
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

On Thu, Sep 27, 2007 at 10:48:21AM +0100, Andy Cummins wrote:
> Hi there,
>       I'm having trouble with my server that's using the modauthtkt  
> module. Basically I use it on Apache 2 to enable single sign on  
> across multiple domains however I have been having a problem whereby  
> a user goes to a site and the browser gives them an error specifying  
> that the page will never redirect properly.
> 
> I have a feeling it's trying to use a cookie which has expired or  
> something as the URL has an authtkt string appended to the end  
> however it never passes through to the protected site.
> 
> I realise this is vague but any ideas would be greatly appreciated...

Er, yes.

What's the text of the error?

Is this using a single apache instance? 

What does your mod_auth_tkt config look like (without the TKTAuthSecret,
of course)?

What version of mod_auth_tkt?

Cheers,
Gavin




------------------------------

Message: 2
Date: Wed, 10 Oct 2007 14:24:12 -0400
From: Michael Peters <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] Apache::AuthTkt and setting bits
To: modauthtkt <modauthtkt-users@lists.sourceforge.net>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

If you're using Apache::AuthTkt and you have the apache config and tell it to
parse that, then you're ok, but if you don't have the config handy (like say the
cookie generator is on a different box than the cookie consumer) and you want to
set those attributes by hand, it doesn't quite work. Here's an example:

# this *should* work right?
my $at = Apache::AuthTkt->new(
  secret => "pssst, don't tell anyone",
  debug => 1,
  ignore_ip => 1,
);

But it doesn't. Instead, you have to do this:
my $at = Apache::AuthTkt->new(
  secret => "pssst, don't tell anyone",
);
$at->debug(1);
$at->{ignore_ip} = 1;

Should this be fixed? I wouldn't mind it if I was forced to use methods to set
those flags instead of all together in the constructor, but having to use keys
in the object's private hash? ick.

If you agree that this needs fixing, I'll work up a patch and tests...

-- 
Michael Peters
Developer
Plus Three, LP




------------------------------

Message: 3
Date: Wed, 10 Oct 2007 15:22:10 -0400
From: Michael Peters <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Apache::AuthTkt and setting bits
To: Michael Peters <[EMAIL PROTECTED]>
Cc: modauthtkt <modauthtkt-users@lists.sourceforge.net>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Michael Peters wrote:

> If you agree that this needs fixing, I'll work up a patch and tests...

Here are those patches I mentioned, against the 0.05 version on CPAN.

-- 
Michael Peters
Developer
Plus Three, LP

-------------- next part --------------
A non-text attachment was scrubbed...
Name: authtkt.pm.patch
Type: text/x-patch
Size: 4201 bytes
Desc: not available
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t-01_basic.t.patch
Type: text/x-patch
Size: 1540 bytes
Desc: not available

------------------------------

Message: 4
Date: Thu, 11 Oct 2007 10:07:00 -0700 (PDT)
From: Qiang Lee <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] cookie missing for IE client but not
        Firefox.
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

hi,

i am new to mod_auth_tkt and trying to use it for our
app authentication (no authz). one problem that i am
experiencing is that ticket cookie doesn't get sent
upon successful logging when using IE. it works for
firefox (i.e the cookie is set on the client side).
has anyone had this kind of problem before?

i am using Apache/1.3.36, mod_auth_tkt/2.0.0rc2,
Apache-AuthTkt-0.05 

apache config is

    RewriteEngine On
    RewriteRule ^/$             /app [R,L]
    RewriteRule ^/index/?$      /app [R,L]
    RewriteRule ^/index.html?$  /app [R,L]

    <Location /app>
        AuthType Basic
        AuthName "My Auth"
        require valid-user

        TKTAuthLoginURL         http://www.example.com/app/account/login
        TKTAuthTimeout          2m
        TKTAuthTimeoutRefresh   .5
        TKTAuthDebug            0
        TKTAuthGuestLogin       on
        TKTAuthGuestFallback    on
    </Location>

The vast majority of the website is publicly
accessible, but there are a few pages/actions that
require logging in. 
hence the protected and public content are behind the
same location as you can see.

thanks,

Lee


      





------------------------------

Message: 5
Date: Fri, 12 Oct 2007 08:35:02 -0400
From: Michael Peters <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] cookie missing for IE client but not
        Firefox.
To: Qiang Lee <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Qiang Lee wrote:

> i am new to mod_auth_tkt and trying to use it for our
> app authentication(no authz). one problem that i am
> experiencing is that ticket cookie doesn't get sent
> upon successful logging when using IE. it works for
> firefox (i.e the cookie is set on the client side).
> has anyone had this kind of problem before?

How are you creating the actual cookie? That's not done by mod_auth_tkt, so it's
in your code somewhere. Browsers can be picky about cookies and the formats you
use, so a cookie that might work in FF won't necessarily work in IE. Use
something like LiveHTTPHeaders in FF to see what the actual cookie string looks
like. And then compare that to cookies that you know work in IE.

-- 
Michael Peters
Developer
Plus Three, LP




------------------------------

Message: 6
Date: Fri, 12 Oct 2007 05:59:19 -0700 (PDT)
From: Qiang Lee <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] cookie missing for IE client but not
        Firefox.
To: Michael Peters <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

thanks for the reply. see below for the http header
for both IE and FF. the cookies are exactly the same for FF
and IE. what am i missing?

--- Michael Peters <[EMAIL PROTECTED]> wrote:

> Qiang Lee wrote:
> 
> > i am new to mod_auth_tkt and trying to use it for our
> > app authentication (no authz). one problem that i am
> > experiencing is that ticket cookie doesn't get sent
> > upon successful logging when using IE. it works for
> > firefox (i.e the cookie is set on the client side).
> > has anyone had this kind of problem before?
> 
> How are you creating the actual cookie? That's not done by mod_auth_tkt, so it's
> in your code somewhere. Browsers can be picky about cookies and the formats you
> use, so a cookie that might work in FF won't necessarily work in IE. Use
> something like LiveHTTPHeaders in FF to see what the actual cookie string looks
> like. And then compare that to cookies that you know work in IE.
> 
> -- 

my $cookie = $q->cookie(
                -name    => 'auth_tkt',
                -value   => $tkt,
                -expires => '+1h',
);
$q->redirect( -uri => '/', -cookie => $cookie );

here is FF header:


POST /app/account/process_login HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example.com/app/account/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
back=&username=testuser&password=1234567
HTTP/1.x 302 Found
Date: Fri, 12 Oct 2007 00:39:23 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2
mod_perl/1.29
Set-Cookie:
auth_tkt=YTg3OWYyZjVlYmQ5ZTllM2Q3NWExNzdmMTRhMjI3ZGI0NzBlYzIzYnRlc3R1c2VyITI%3D;
path=/; expires=Fri, 12-Oct-2007 01:39:23 GMT
Location: /app
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain
----------------------------------------------------------
http://www.example.com/app

GET /app HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example.com/app/account/login
Cookie:
auth_tkt=YTg3OWYyZjVlYmQ5ZTllM2Q3NWExNzdmMTRhMjI3ZGI0NzBlYzIzYnRlc3R1c2VyITI%3D

HTTP/1.x 200 OK
Date: Fri, 12 Oct 2007 00:39:24 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2
mod_perl/1.29
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
----------------------------------------------------------

here is IE header

POST /app/account/process_login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/msword,
application/x-shockwave-flash,
application/vnd.ms-excel,
application/vnd.ms-powerpoint, */*
Referer: http://www.example.com/app/account/login
Accept-Language: en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: www.example.com
Content-Length: 40
Connection: Keep-Alive
Cache-Control: no-cache

back=&username=testuser&password=1234567

HTTP/1.1 302 Found
Date: Fri, 12 Oct 2007 00:01:20 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2
mod_perl/1.29
Set-Cookie:
auth_tkt=NmY4ZDFiZDZhODgxZTk0ZTkwNDIyZjU5MmRmNGMwY2Q0NzBlYjk1MXRlc3R1c2VyITI%3D;
path=/; expires=Fri, 12-Oct-2007 01:01:21 GMT
Location: /app
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET /app HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/msword,
application/x-shockwave-flash,
application/vnd.ms-excel,
application/vnd.ms-powerpoint, */*
Referer: http://www.example.com/app/account/login
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: www.example.com
Connection: Keep-Alive
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 12 Oct 2007 00:01:21 GMT
Server: Apache/1.3.36 (Unix) mod_auth_tkt/2.0.0rc2
mod_perl/1.29
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1



> Michael Peters
> Developer
> Plus Three, LP
> 
> 



       




------------------------------

Message: 7
Date: Fri, 12 Oct 2007 09:08:15 -0400
From: Michael Peters <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] cookie missing for IE client but not
        Firefox.
To: Qiang Lee <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Qiang Lee wrote:

> Set-Cookie:
> auth_tkt=YTg3OWYyZjVlYmQ5ZTllM2Q3NWExNzdmMTRhMjI3ZGI0NzBlYzIzYnRlc3R1c2VyITI%3D;
> path=/; expires=Fri, 12-Oct-2007 01:39:23 GMT

Why is it on multiple lines like that? Is that something you did? I was under
the impression that 1 header meant 1 line.

And it's not that your code will create different cookies for FF or IE. They
will be the same HTTP header. It's that IE isn't understanding that HTTP header.
Look at the Set-Cookie header for a cookie you know works in IE and compare it
to this one.

-- 
Michael Peters
Developer
Plus Three, LP
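
An added example, not part of the thread or of mod_auth_tkt: one way to carry out the comparison suggested above on the two captured 302 responses. It rejoins the mail-wrapped header lines (a heuristic for pasted captures: any line without a `Name:` prefix is treated as a continuation), parses each Set-Cookie, and decodes the ticket assuming the layout the decoded values show: 32 hex digest characters, 8 hex timestamp characters, the uid, then `!` and trailing data.

```python
import base64, re
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed input: the two 302 responses quoted above, line-wrapped as in the mail.
FF_CAPTURE = """HTTP/1.x 302 Found
Set-Cookie:
auth_tkt=YTg3OWYyZjVlYmQ5ZTllM2Q3NWExNzdmMTRhMjI3ZGI0NzBlYzIzYnRlc3R1c2VyITI%3D;
path=/; expires=Fri, 12-Oct-2007 01:39:23 GMT
Location: /app"""
IE_CAPTURE = """HTTP/1.1 302 Found
Set-Cookie:
auth_tkt=NmY4ZDFiZDZhODgxZTk0ZTkwNDIyZjU5MmRmNGMwY2Q0NzBlYjk1MXRlc3R1c2VyITI%3D;
path=/; expires=Fri, 12-Oct-2007 01:01:21 GMT
Location: /app"""
HEADER = re.compile(r"([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")

def unwrap_headers(capture):
    """Rejoin header values that were wrapped onto following lines."""
    headers, last = {}, None
    for line in capture.splitlines()[1:]:            # skip the status line
        m = HEADER.match(line)
        if m:
            last = m.group(1).lower()
            headers[last] = m.group(2).strip()
        elif last and line.strip():                  # no "Name:" prefix: continuation
            headers[last] = (headers[last] + " " + line.strip()).strip()
    return headers

def parse_set_cookie(value):
    """Return (name, raw value, {attribute: value}) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in value.split(";") if p.strip()]
    name, _, raw = first.partition("=")
    return name, raw, {k.strip().lower(): v for k, _, v in (p.partition("=") for p in rest)}

def decode_ticket(raw):
    """Assumed layout: 32 hex digest chars, 8 hex timestamp chars, uid, '!', trailing data."""
    ticket = base64.b64decode(unquote(raw)).decode("ascii")
    uid, _, tail = ticket[40:].partition("!")
    issued = datetime.fromtimestamp(int(ticket[32:40], 16), tz=timezone.utc)
    return {"digest": ticket[:32], "issued": issued, "uid": uid, "tail": tail}

def differing_fields(capture_a, capture_b):
    """Names of the cookie fields whose values differ between two captures."""
    rows = []
    for cap in (capture_a, capture_b):
        name, raw, attrs = parse_set_cookie(unwrap_headers(cap)["set-cookie"])
        rows.append({"name": name, "attrs": sorted(attrs), **decode_ticket(raw)})
    return sorted(k for k in rows[0] if rows[0][k] != rows[1][k])
```

On these two captures `differing_fields` returns only `digest` and `issued`: the cookie name, attribute set, uid and trailing data are identical, so the headers differ only in when each ticket was minted.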




------------------------------



End of modauthtkt-users Digest, Vol 13, Issue 1
***********************************************
