	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: browser redirection loop

To: Kris Steinhoff <steinhof@xxxxxxxxx>
Subject: Re: browser redirection loop
From: Graeme Wood <Graeme.Wood@xxxxxxxx>
Date: Mon, 15 Aug 2005 19:05:30 +0100
Cc: cosign-discuss@xxxxxxxxx
In-reply-to: <20050815171349.GE5588@umich.edu>
References: <20050815133600.GA5588@umich.edu> <BF26208D.2C3A%eliasak@umich.edu> <20050815171349.GE5588@umich.edu>

Check that your apache server has permission to write into the
directory you configured mod_cosign to use to store its cookies.

Graeme

On 15 Aug 2005, at 18:13, Kris Steinhoff wrote:

Thanks for the advice, Elias. I verified the dates on my certificates,
which look fine. And I had used c_rehash on my CA directory. Still no
luck.
Anywhere I can check?
thanks
-kris
On Mon, Aug 15, 2005 at 10:35:57AM -0400, Elias Asfaw-Kirby wrote:
Hi Kris,

I had a similar problem on Windows 2003. Try the following suggestions that worked for me:

http://www.umich.edu/~umweb/software/cosign/cosign-discuss/ msg00394.html

http://www.umich.edu/~umweb/software/cosign/cosign-discuss/ msg00402.html and my reply ---- Alright - that worked!

I really appreciate the help.

The openssl command returned a good answer, meaning that the certificate will expire in the future.

The re/hashing is where the problem was. I completely overlooked this step and was heading down the wrong direction with trying to install the um cert as a trusted ca using windows ca authority.

After re/hashing the um.pem file and changing the config file - all worked! (note on windows 2003 - the cosign dll needs to be added as a "Web Service Extension" and be "allowed" from IIS Manager) ---

Best,

Elias

On 8/15/05 9:36 AM, "Kris Steinhoff" <steinhof@xxxxxxxxx> wrote:
Hi All,
I'm setting up my OS X Server (10.4.2) as a web server with cosign,
and I've come up against a problem.
When I visit my server I'm am redirected to weblogin.umich.edu, and
authenticate normally. But after my browser is sent back to my
server, the browser is redirected back to weblogin, creating a loop.
With each iteration of the redirection loop, this error is printed to my apache error log:

mod_cosign: netcheck_cookie: snet_writef failed

My browser times-out after a few bounces (Firefox prints an error about possible cookie writing trouble). My cookie settings aren't that strict and I've tried this with three different browsers, so I don't think it's a browser problem. Cookies are set in my browser for both my server and weblogin.umich.edu.
Where should I look to fix this? My guess is that it's some where
towards the end of the process. I'm happy to send along any other
configuration info.
thanks
-kris
--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services
Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.

Follow-Ups:
- Re: browser redirection loop
  - From: Kris Steinhoff

References:
- browser redirection loop
  - From: Kris Steinhoff
- Re: browser redirection loop
  - From: Elias Asfaw-Kirby
- Re: browser redirection loop
  - From: Kris Steinhoff

Prev by Date: Re: browser redirection loop
Next by Date: Re: browser redirection loop
Previous by thread: Re: browser redirection loop
Next by thread: Re: browser redirection loop
Index(es):
- Date
- Thread