On Feb 6, 2004, at 3:39 AM, Joerg Heinicke wrote:
On 04.02.2004 07:19, Mark Lundquist wrote:
OK, I am stumped. I'm using the Cocoon (2.1.3) authentication framework, and I can't figure out why I'm failing authentication.Bah. Never mind! I figured out the problem...
<..snip..>
Do you give us a tip? Maybe the next one stumps too ...
Sure. Essentially, my authentication resource was not designed properly to be invoked by the handler. When I invoked it by hand (from a user-agent like curl), it was with a query-string that is correct for how I implemented the resource — so I saw good <authentication> XML. But the handler doesn't invoked it that way, so authentication didn't work!
My authentication structure is a little weird. My client hosts their own big "mother ship" site that includes an area for special people, login required. My application is a sort of satellite that we host (so, remotely — not part of the "mother ship"). This application is for the special people only, and the client wants a seamless, "single sign on" experience, i.e. the special people should not have to authenticate once at the "mother ship" and again at our application.
So — on their page that links to our application, their link will encode the authentication info in the link (in the query string). That is the only thing I authenticate with — I have no local login form. So, my authentication resource must invoke the auth-login action, and if authentication fails it redirects to the "mother ship" login page.
Putting all this together was my first time using the Cocoon auth fw (it's first Cocoon app for that matter), and I wasn't keeping all the balls in the air mentally :-)... finally I realized that whatever the auth resource needs from the original request, it has to get from the "resource" GET parameter. D'oh!
cheers,
~ml
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
