I can see from the live header, that the single sign on server is setting cookie, i.e., http://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fwd-prtlsrv1%3A8080%2Fwcs%2Fj_security_check HTTP/1.1 Set-Cookie: CASTGC=TGC-1-1N7IaTahULnxb6P8E46x2iG5BoG5PDcwQg8AaLyCEFPL6VgwzV; Path=/cas; Secure Set-Cookie: CASPRIVACY=enabled; Path=/cas; Secure it then redirects to application, i.e. GET http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-1-QKX76eV2KhxqMIp3MPvd Note that j_security_check is a filter in the application that validates the ticket issued by the single sign on. However, it doesn't see above cookie. Is there a way to pass cookie from single-sign-on module to the application. The cookie doesn't have any domain when it is returned. Not that, we don't have source code of the single sign on module, so there is very little we can change. Thanks. -Shahzad Bhatti -----Original Message----- From: Axel-Stéphane SMORGRAV [mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx] Sent: Fri 8/12/2005 2:54 AM To: users@xxxxxxxxxxxxxxxx Cc: Subject: RE: [users@httpd] mod_proxy/mod_proxy_html What you need to do is use LiveHTTPHeaders in order to verify that the cookie is indeed delivered to your browser as a Set-Cookie response header. I guess this is done in the HTTP 302 in response to GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check. If that login cookie is "secure" (that is a parameter of the cookie), your browser will not submit it in a request which is not sent over httpS. From what I have understood from your mails, you access your application with http (no S). That may explain why the cookies are not submitted. Another thing that might prevent the browser from submitting the cookie is a mismatch between the cookie domain and the host part of the URL. In order to be submitted, the cookie domain should be extranet.hendrickson-intl.com or hendrickson-intl.com. If that is not the case, the browser will not submit the cookie in requests. If you are uncertain about what is happening, please post the full LiveHTTPHeaders trace starting with the request for https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check, through the first access to http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=xxx Another thing is that there is a little voice in my head telling me that this is not a cookie problem. I am trying to have him shut up, but the little fellow keeps bugging me. I noticed that the query string in the URL http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 contains a variable named "ticket". Would that by any chance be the sign-in ticket?? Then, if the j_security_check failed, I would expect a redirection to the login service, not to another j_security_check... -ascs -----Original Message----- From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] Sent: Thursday, August 11, 2005 6:46 PM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] mod_proxy/mod_proxy_html Axel, Thanks again, it worked and I was able to go further, however I ran into another problem. We are using single-sign-on that stores ticket in cookie, however it looks like this cookie is not being passed to the client. And it goes into loop, i.e., -- AFTER SUCCESSFUL LOGIN, THE USER IS DIRECTED TO THE APPLICATION (WHICH VERIFIES TICKET) http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 GET /wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 HTTP/1.1 Referer: http://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fwd-prtlsrv1%3A8080%2Fhendrickson%2Fj_security_check AND IT'S SENDING REDIRECT TO THE SAME URL HTTP/1.x 302 Moved Temporarily Location: http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 Is there any way to add cookie support and break this loop. Regards, Shahzad Bhatti Integrated Software Specialists http://www.issintl.com 1901 North Roselle Road, Suite 450 Schaumburg, IL 60195 Phone: 847-558-5342 Fax: 847-240-5073 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|