We have a 3rd party application which interacts via a handler with our Apache
server that has the COSIGN Apache Filter being used for authentication.

That application uses the SWFUPLOAD.ORG flash utility to do some of its work.

The flash utility cannot supply the cookies back from the browser's cookie
stash, so as a result the input from the flash utility back to Apache and then
that 3rd party application is unauthenticated, and COSIGN's redirect sidelines
the entire operation.

IF there were a way to simply materialize REMOTE_USER (and optionally 
REMOTE_REALM) without requiring passing through the COSIGN authenticator yet 
again, we'd be able to get around this.

The vendor has no other customers using COSIGN, and has asked if there is some 
additional configuration that can be done to have COSIGN simply materialize the
authenticated user in REMOTE_USER for the Flash component.  Are there any 
other COSIGN users out there that use cosign for authentication and then use 
SWFUPLOAD.ORG's flash utility, that may have already customized one or the 
other and would be willing to share those customizations?

Is there a cosign directive I'm currently missing that would do this?  My 
Apache config fragments read like:

      <VirtualHost *:443>
        SSLEngine on
        ServerName servicename.domain.edu
        CosignHostname cosign.domain.edu
        CosignRedirect https://cosign.domain.edu/
        CosignPostErrorRedirect https://cosign.domain.edu/
        CosignService servicename.domain.edu
        CosignCrypto /dlt/webservers/cms/certs/author-privkey \
                     /dlt/webservers/cms/certs/author-pubkey.cer \
                     /dlt/webservers/cosign/certs/
        CosignProtected off
        CosignValidReference ^https?:\/\/.*\.domain\.edu(\/.*)?
        CosignValidationErrorRedirect \
                     https://cosign.domain.edu/validation_error.html
        <Location /cosign/valid>
          SetHandler cosign
          CosignProtected off
          Allow from all
          Satisfy any
        </Location>
        DocumentRoot "/dlt/webservers/cms/cms.cache"
        <Directory /dlt/webservers/cms/cms.cache>
          AuthType Cosign
          CosignProtected On
          SetHandler dispatcher-handler
          AllowOverride None
          Options -Indexes -FollowSymLinks
          Order allow,deny
          Allow from all
        </Directory>
      </VirtualHost>


Local server's host name sanitized to "servicename.domain.edu".
Local system's COSIGN server name sanitized to "cosign.domain.edu"
Handler for 3rd-party software is "dispatcher-handler"

The 3rd-party software is Day Communiqué, a commercial product based on Apache 
Sling and JSR-170.  One of the primary authors of JCR-170 is Day's Chief 
Scientist, Roy Fielding.

-- 
J.Lance Wilkinson ("Lance")             InterNet: [email protected]
Systems Design Specialist - Lead        Phone: (814) 865-4870
Digital Library Technologies            FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

