Re: Cosign Filter creates unparsable URL on post

[johanna bromberg craig <canna@xxxxxxxxx>]

Yup, that sure doesn't work right! :)

The fix will be in 1.8. Thanks for catching this.

-J

On Mar 10, 2005, at 1:20 AM, Brian Hatch wrote:

> Testing out the POST error handling in the case where
> your session may have timed out and you get redirected
> back to the login server.
>
> Looks like the apache filter creates the redirect to
>
> 	https://weblogin.example.com/login/basicosign.cgi?https:// 
> weblogin.example.com/post_error.html=8ntlC3I......A9f4XtYVmg;&https:// 
> servicebox.example.com/cgi-bin/someform.cgi
>
> Normally you have ?cosign-servicename=COOKIE;&https://originalpage/
>
> In this case the service part seems to be replaced by the post_error  
> page, and
> so basicosign.cgi is showing an error with 'Unrecognized Service',
> rather than showing that post_error.html page.
>
> Here's the filter's Apache configuration:
>
>   CosignService           servicebox.example.com
>   CosignCrypto            /var/lib/cosign/ssl/key.pem  
> /var/lib/cosign/ssl/cert.pem /var/lib/cosign/certs
>
>   CosignHostname          weblogin.example.com
>   CosignRedirect https://weblogin.example.com/login/basicosign.cgi
>   CosignPostErrorRedirect https://weblogin.example.com/post_error.html
>
> Any clues?
>
>
>
> --
> Brian Hatch                  Arkansas: One
>    Systems and                Million People,
>    Security Engineer          Fifteen Last Names
> http://www.ifokr.org/bri/
>
> Every message PGP signed