CoSign: Collaborative Single Sign-On  
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 


Cosign Loop Breaking



Hey all,

So we've been kicking this idea around for a while, and wanted to throw it out to the group.

There are a few misconfigurations that can cause a loop where a service will set a cookie, redirect back to the central cosign server, which will try and register the cookie, succeed, redirect back, where the "check" will fail, set a new cookie, redirect, re-register, etc. This will go on until the browser detects "too many redirects" (this threshold varies by browser), at which point a very unhelpful message will be thrown by the browser and the user is "stranded."

I propose that we add some code to the cgi that keeps track of the number of REGISTERs in a given time period. Our current idea is to tack on a time stamp and a count to the end of the login (cosign=) cookie, so we'd have:

cosign=[random_bits_here]/[time in seconds]/[number of registers since that time]

If a given login cookie exceeds X registers in N seconds, the cgi can throw a proper error screen giving the user some *actual* information. :) The current defaults I'm thinking of are 10 registers in 30 seconds. This is fairly arbitrary, and just where I'm starting?

Let the discussion begin!

Thanks,
Johanna and the Cosign Dev team
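
The counter proposed in the message above, sketched in C as an added example (it is not code from Cosign or from the original post). The names `loop_check`, `parse_field`, `LOOP_MAX` and `LOOP_WINDOW` are hypothetical, and the sketch assumes the random part of the cookie value contains no `/`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define LOOP_MAX    10  /* X: registers allowed per window (default from the post) */
#define LOOP_WINDOW 30  /* N: window length in seconds (default from the post) */

/* Parse one "/<non-negative decimal>" field and advance *p past it. */
static int parse_field(const char **p, long *v)
{
    char *end;
    if (**p != '/') return -1;
    errno = 0;
    *v = strtol(*p + 1, &end, 10);
    if (end == *p + 1 || errno == ERANGE || *v < 0) return -1;
    *p = end;
    return 0;
}

/* Hypothetical helper; value is the text after "cosign=". Returns 0 and writes the
 * updated value to out, 1 when the limit is hit (error page), -1 if out is too small. */
int loop_check(const char *value, time_t now, char *out, size_t outlen)
{
    size_t rlen = strcspn(value, "/");  /* assumption: no '/' in the random part */
    const char *p = value + rlen;
    long ts = 0, cnt = 0;
    int n;
    /* Client-supplied fields: missing, malformed, future or expired => new window. */
    if (parse_field(&p, &ts) != 0 || parse_field(&p, &cnt) != 0 || *p != '\0'
            || ts > (long)now || (long)now - ts >= LOOP_WINDOW) {
        ts = (long)now;
        cnt = 0;
    }
    if (cnt >= LOOP_MAX) return 1;
    n = snprintf(out, outlen, "%.*s/%ld/%ld", (int)rlen, value, ts, cnt + 1);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char cur[128] = "Kq3xEXAMPLErandom", next[128];  /* constructed sample value */
    int i;
    for (i = 1; loop_check(cur, 1000 + i, next, sizeof(next)) == 0; i++)
        strcpy(cur, next);                           /* simulated redirect loop */
    printf("register %d refused, last cookie value: %s\n", i, cur);
    return 0;
}
```

Because the timestamp and count travel in a cookie the browser holds, a client can reset them at will; the check works as a diagnostic for accidental loops and should not be relied on as a rate limit.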



 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010