cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: multiple cosign configuration and runtime issues
Yup, that's a known issue. What you're seeing is the service-side
caching of the service cookie. After the service does a CHECK of your
cosign-service cookie it sticks a copy in /var/cosign/filter (or
whatever you've configured) so it won't have to talk to the cosign
servers again for 2 minutes (the default, can be changed to suit your
in scripts/logout/ (in the cosign source distribution) you'll find a
logout.pl that will:
(1) expire the service-specific cookie
(2) redirect the user on to your central logout URL
so that after the user logs out they will not still have a
(temporarily) valid cosign-service cookie in their browser.
Does that clear things up at all? :)
On Nov 11, 2004, at 6:39 PM, Ben Poliakoff wrote:
* johanna bromberg craig <canna@xxxxxxxxx> [041110 17:04]:
My CosignCrypto looks like this:
CosignCrypto /var/cosign/certs/key.pem /var/cosign/certs/cert.pem
Shouldn't mod_cosign be looking for /var/cosign/certs/key.pem?
yes, you are 100% correct. This is why i think it's the logout cgi. :)
You mean things don't work well if you're using a 1.7.0 cosign.cgi with
an older logout cgi? :o
Um, yes that seems to be the bulk of the problem <sheepish_blink>. Oh
dear oh dear oh dear.
Well with *that* out of the way things seem to be working a *lot*
better. Logouts generate no longer generate errors (and none of those
silly symlinks are needed). My cosign cookies are working on the
weblogin server itself as well as on a separate server.
Thanks for your patience!
I do notice a variable delay of a few seconds to a few minutes for
logout actually takes effect (i.e. after I logout I can still access a
cosignprotected location for as long as a couple minutes). It doesn't
seem to be related to browser caching. Is this a known issue?
... "you can't give yourself a nickname." ...