Craig, If you could, please try the IISCosign 2.1.0 rc2 filter and see if that resolves any of the issues you're seeing.
More comments below. On May 5, 2008, at 11:36 AM, Farrell, Craig wrote: > Posted last week and still have an issue with our IIS Cosign > filter. Running 2.0.3. Users are getting directed to logon page and > that is successful but then are denied access to the page. Seeing > to errors in Cosign log and event log. Wonder if someone might be > able to point me in the right direction. Filter was working at > version 1.X last week. Broke when I upgraded to 2.0.3. I removed > the entire 1.X filter along with entire IISCosign directory and reg > setting. Wish I didn’t do that now. I reset permission per readme. > This server was a Windows 2000 IIS server that was upgraded to > Windows 2003. Errrors I’m seeing that might be clues as to the > problem. > > > Is this Windows 2003 R2? Looking on my test server, it actually only has permissions set for the IIS_WPG. The internet guest account does not have any permissions to the iiscosign folders or files. > > > Windows application log. > > > > Could not initialize log file C:\Program Files\IISCosign\Logs. > > > There are three things that will cause this to happen: 1) File could not be created (but not access denied) 2) Could not create temporary file name 3) Attempted to make a new log file using a temporary file name and failed (access possibly denied at this point) To see what is happening, using the cosigndbg.dll and either set <WriteDataToEventViewer> to true or use a debug-output-capturing program such as debugview http://technet.microsoft.com/en-us/ sysinternals/bb896647.aspx > > > Cosign log. > > > > [5-4-2008 13:21:20] OnPreprocHeaders(): Could not get > cookie. > > > This is a poor log message that will be corrected in the next release. "Could not get cookie" simply means that there was no cookie found in the web browser headers. This is usually for the one of the following reasons: the user doesn't have a service cookie yet, or the cookie is marked secure and the page is being accessed over http. As you can imagine, the first item happens rather frequently. Jarod > Almost makes me think a process doesn’t have correct permission in > the log and cookieDB directories. There are no files in the > cookieDB directory as yet. The cosign log file appears to be > collecting information. Interesting in the log file error above. If > the cosign log file is collecting events what is the can’t init log > file all about. > > > > Need to get the filter back online soon as we have some important > campus applications on this server. > > > > > > Craig Farrell > Assistant Director of Information Technology > Penn State Altoona > 3000 Ivyside Park > Altoona PA 16601 > (814) 949-5295 > > > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save > $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http:// > java.sun.com/javaone_______________________________________________ > Cosign-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
