We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder. I have not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61 with the QMR4 apache webagent. I've observed some strange URL rewriting issues involved with multi-domain sign-on and using cookie providers, but nothing that can't be worked around.
Our setup is basically apache reverse-proxies (mod_proxy) behind F5 load-balancers. The reverse-proxies chain through intermediate firewalls through another (forward) mod_proxy to backend DMZ servers. I have been tracing HTTP headers and have not yet seen the behavior you describe. Are you running SiteMinder 5.0? -----Original Message----- From: Martijn Schoemaker [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 28, 2002 11:39 AM To: [EMAIL PROTECTED] Subject: Siteminder/mod_proxy issues Hi all, I have the strangest results in an environment we use at a customer. We have an apache-server with mod_proxy on one node, which forwards it's requests to another apache-server with mod_proxy AND mod_sm from siteminder Netegrity. Both apache servers are 1.3.26, pached with my previously posted 'full reverse proxy' path, a siteminder patch (which cannot be applied because the change seems to be in standard 1.3.26 anyway) and a patch which removes spurious line-feeds/carriage returns in the headers. The strange thing is that some redirects from the application (behind the 2nd proxy) work fine, others work only on IE6 browsers, others crash with a 'DNS error', and all netscapes seem to display the redirect page without actually performing the redirect. The only strange thing I see in the sniffer logs (the redirects are fine, no additional cr/lf's, no other strange things) is that the siteminder cookies are set twice. I afiak the duplication happens on the second proxy but I cannot imagine why. Either there is a problem with the mod_sm making it add the cookies and not replace if they exist, or the mod_proxy duplicates the Set-Cookie headers. I am completely baffled by this issue, and I don't have much hair left on my head ;) My question to y'all is : 1. Has anybody got this same config (using siteminder) ? 2. Does anybody know why the netscape browser does not perform the redirect, except when I press 'reload' ? 3. Has anybody got a hint as to why Set-Cookie headers might be duplicated ? Thanks in advance, Martijn Schoemaker P.S.: Since this infrastucture is SSL on the front, and since browsers nowadays don't support 'view response as-is' anymore (let alone seeing the headers :() I do not have the actual document 'seen' by the browser. -- You have reached the end of the message. Press [t] to go to the top of this message, or [c] to close it.
