 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: browser redirection loop
Thanks for the response, Graeme. My /var/cosign/filter directory did
have write permission set for the apache process. However, this does
seem to be where the problem is.
I ran fs_usage while trying to connect to my server with cosign,
and the httpd process accesses the /var/cosign/filter directory, and
then attempts to open a file, who's filename looks like the contents
of a cosign cookie. This open fails because the file does not exist.
Should there be files in /var/cosign/filter? Did I miss a step to
populate that directory?
thanks
-kris
On Mon, Aug 15, 2005 at 07:05:30PM +0100, Graeme Wood wrote:
> Check that your apache server has permission to write into the
> directory you configured mod_cosign to use to store its cookies.
>
> Graeme
>
> On 15 Aug 2005, at 18:13, Kris Steinhoff wrote:
>
> >Thanks for the advice, Elias. I verified the dates on my certificates,
> >which look fine. And I had used c_rehash on my CA directory. Still no
> >luck.
> >
> >Anywhere I can check?
> >
> >thanks
> >-kris
> >
> >On Mon, Aug 15, 2005 at 10:35:57AM -0400, Elias Asfaw-Kirby wrote:
> >
> >>Hi Kris,
> >>
> >> I had a similar problem on Windows 2003. Try the following
> >>suggestions
> >>that worked for me:
> >>
> >>http://www.umich.edu/~umweb/software/cosign/cosign-discuss/
> >>msg00394.html
> >>
> >>http://www.umich.edu/~umweb/software/cosign/cosign-discuss/
> >>msg00402.html
> >>and my reply
> >>----
> >> Alright - that worked!
> >>
> >> I really appreciate the help.
> >>
> >> The openssl command returned a good answer, meaning that the
> >>certificate
> >>will expire in the future.
> >>
> >> The re/hashing is where the problem was. I completely overlooked
> >>this step
> >>and was heading down the wrong direction with trying to install
> >>the um cert
> >>as a trusted ca using windows ca authority.
> >>
> >> After re/hashing the um.pem file and changing the config file -
> >>all worked!
> >>(note on windows 2003 - the cosign dll needs to be added as a "Web
> >>Service
> >>Extension" and be "allowed" from IIS Manager)
> >>---
> >>
> >>Best,
> >>
> >>Elias
> >>
> >>On 8/15/05 9:36 AM, "Kris Steinhoff" <steinhof@xxxxxxxxx> wrote:
> >>
> >>
> >>>Hi All,
> >>>
> >>>I'm setting up my OS X Server (10.4.2) as a web server with cosign,
> >>>and I've come up against a problem.
> >>>
> >>>When I visit my server I'm am redirected to weblogin.umich.edu, and
> >>>authenticate normally. But after my browser is sent back to my
> >>>server, the browser is redirected back to weblogin, creating a loop.
> >>>
> >>>With each iteration of the redirection loop, this error is
> >>>printed to
> >>>my apache error log:
> >>>
> >>> mod_cosign: netcheck_cookie: snet_writef failed
> >>>
> >>>My browser times-out after a few bounces (Firefox prints an error
> >>>about possible cookie writing trouble). My cookie settings aren't
> >>>that
> >>>strict and I've tried this with three different browsers, so I don't
> >>>think it's a browser problem. Cookies are set in my browser for both
> >>>my server and weblogin.umich.edu.
> >>>
> >>>Where should I look to fix this? My guess is that it's some where
> >>>towards the end of the process. I'm happy to send along any other
> >>>configuration info.
> >>>
> >>>thanks
> >>>-kris
> >>>
> >>
> >>
> >
>
>
>
--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services
Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.
| 
