	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple cosign configuration and runtime issues

To: Ben Poliakoff <benp@xxxxxxxx>
Subject: Re: multiple cosign configuration and runtime issues
From: kevin mcgowan <clunis@xxxxxxxxx>
Date: Thu, 11 Nov 2004 19:25:54 -0500
Cc: Cosign Discussion <cosign-discuss@xxxxxxxxx>
In-reply-to: <20041111233915.GA10835@tristero.reed.edu>
References: <20041111002742.GR27663@tristero.reed.edu> <91C2B1DE-337D-11D9-9BA2-000A95E48A4E@umich.edu> <20041111233915.GA10835@tristero.reed.edu>

Yup, that's a known issue. What you're seeing is the service-side caching of the service cookie. After the service does a CHECK of your cosign-service cookie it sticks a copy in /var/cosign/filter (or whatever you've configured) so it won't have to talk to the cosign servers again for 2 minutes (the default, can be changed to suit your needs).

in scripts/logout/ (in the cosign source distribution) you'll find a logout.pl that will:

     (1) expire the service-specific cookie
     (2) redirect the user on to your central logout URL

so that after the user logs out they will not still have a (temporarily) valid cosign-service cookie in their browser.

Does that clear things up at all? :)

Kevin

On Nov 11, 2004, at 6:39 PM, Ben Poliakoff wrote:

* johanna bromberg craig <canna@xxxxxxxxx> [041110 17:04]:

My CosignCrypto looks like this:
CosignCrypto    /var/cosign/certs/key.pem /var/cosign/certs/cert.pem
/var/cosign/certs/CA
Shouldn't mod_cosign be looking for /var/cosign/certs/key.pem?
yes, you are 100% correct. This is why i think it's the logout cgi. :)


You mean things don't work well if you're using a 1.7.0 cosign.cgi with
an older logout cgi? :o

Um, yes that seems to be the bulk of the problem <sheepish_blink>.  Oh
dear oh dear oh dear.

Well with *that* out of the way things seem to be working a *lot*
better.  Logouts generate no longer generate errors (and none of those
silly symlinks are needed).  My cosign cookies are working on the
weblogin server itself as well as on a separate server.

Thanks for your patience!

I do notice a variable delay of a few seconds to a few minutes for
logout actually takes effect (i.e. after I logout I can still access a
cosignprotected location for as long as a couple minutes).  It doesn't
seem to be related to browser caching.  Is this a known issue?

Ben

!DSPAM:4193f865138493877935146!

... "you can't give yourself a nickname." ...

Follow-Ups:
- Re: multiple cosign configuration and runtime issues
  - From: Ben Poliakoff

References:
- multiple cosign configuration and runtime issues
  - From: Ben Poliakoff
- Re: multiple cosign configuration and runtime issues
  - From: johanna bromberg craig
- Re: multiple cosign configuration and runtime issues
  - From: Ben Poliakoff

Prev by Date: Re: multiple cosign configuration and runtime issues
Next by Date: Re: multiple cosign configuration and runtime issues
Previous by thread: Re: multiple cosign configuration and runtime issues
Next by thread: Re: multiple cosign configuration and runtime issues
Index(es):
- Date
- Thread