Thanks Andrew,
DebugView doesn't seem to be getting any trace statements when I run as
admin on the webserver. Do I need to turn something on to get these trace
statements to show up in DebugView (I have selected all the capture
options)?
I've attached the successful FF login sanitized headers and the failing IE
login sanitized headers. Fwiw, when I copy the location header and paste it
in my IE address bar the login finishes successfully. There may be a subtle
difference between the headers but nothing obvious stands out to me at an
initial glance.
-Luke
734.604.2271
On Fri, Feb 28, 2014 at 10:11 AM, Andrew Mortensen <and...@weblogin.org>wrote:
>
> On Feb 27, 2014, at 5:14 PM, Luke Palnau <lpal...@umich.edu> wrote:
>
> > Anyone running IIS Cosign run into issues with Internet Explorer failing
> to get redirected from the .../cosign/valid.. url to the destination url
> and getting logged in, instead it just sits at .../cosign/valid... with an
> empty response. I ask because Chrome/FF seem to not experience the issue
> that I'm seeing with Internet Explorer 10 & 9 and
> https://devweb.dev.umich.edu.
>
> Take a look at the requests and responses involved after installing the
> ieHTTPHeaders explorer bar:
>
> http://www.blunck.info/iehttpheaders.html
>
> Compare traffic there with traffic captured using FF's Live HTTP headers
> add-on. Does it stop with an error
>
> I do know that IE has traditionally had a lower limit for maximum number
> of redirects than the other major browsers. If I'm remembering right, IE's
> max was 10 redirects, where Firefox, for example, would allow up to 20.
>
> The other thing to do is install DebugView on your IIS server, and see if
> the cosign module's throwing an error internally. If it is, post the
> sanitized debug log to the list.
>
> andrew
>
POST /cosign-bin/cosign.cgi HTTP/1.1
Host: weblogin.umich.edu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
https://weblogin.umich.edu/?cosign-devweb.dev&https://devweb.dev.umich.edu/
Cookie: __unam=REMOVED; cosign=REMOVED
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 131
ref=https%3A%2F%2Fdevweb.dev.umich.edu%2F&service=cosign-devweb.dev&required=&login=REMOVED&password=REMOVED&tokencode=
HTTP/1.1 302 Found
Date: Fri, 28 Feb 2014 17:30:40 GMT
Server: Apache
Set-Cookie: cosign=REMOVED; path=/; secure
Location:
https://devweb.dev.umich.edu/cosign/valid?cosign-devweb.dev=REMOVED&https://devweb.dev.umich.edu/
Content-Length: 402
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
https://devweb.dev.umich.edu/cosign/valid?cosign-devweb.dev=REMOVED&https://devweb.dev.umich.edu/
GET /cosign/valid?cosign-devweb.dev=REMOVED&https://devweb.dev.umich.edu/
HTTP/1.1
Host: devweb.dev.umich.edu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
https://weblogin.umich.edu/?cosign-devweb.dev&https://devweb.dev.umich.edu/
Cookie: __unam=REMOVED; __utma=REMOVED;
__utmz=REMOVED.utmcsr=weblogin.umich.edu|utmccn=(referral)|utmcmd=referral|utmcct=/;
__utmb=REMOVED
Connection: keep-alive
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://devweb.dev.umich.edu/
Server: Microsoft-IIS/7.0
Set-Cookie: cosign-devweb.dev=REMOVED;path=/;secure ;httponly;
X-Powered-By: ASP.NET
X-Server: newprod
Date: Fri, 28 Feb 2014 17:30:40 GMT
Content-Length: 152
----------------------------------------------------------
https://devweb.dev.umich.edu/
GET / HTTP/1.1
Host: devweb.dev.umich.edu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
https://weblogin.umich.edu/?cosign-devweb.dev&https://devweb.dev.umich.edu/
Cookie: __unam=REMOVED; __utma=REMOVED;
__utmz=REMOVED.utmcsr=weblogin.umich.edu|utmccn=(referral)|utmcmd=referral|utmcct=/;
__utmb=REMOVED; cosign-devweb.dev=REMOVED
Connection: keep-alive
HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Date: Fri, 28 Feb 2014 17:30:41 GMT
Connection: close
Content-Type: text/html
Page-Completion-Status: Normal, Normal
Expires: <cfoutput>Friday,Feb 28 2014 12:30:41 PM</cfoutput>
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: CFID=REMOVED; path=/;
Set-Cookie: CFTOKEN=REMOVED; path=/;
POST /cosign-bin/cosign.cgi HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml,
image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Referer: https://weblogin.umich.edu/cosign-bin/cosign.cgi
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64;
Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729;
Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: weblogin.umich.edu
Content-Length: 129
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __unam=REMOVED; __utma=REMOVED;
__utmz=REMOVED.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cosign=REMOVED
ref=https%3A%2F%2Fdevweb.dev.umich.edu%2F&service=cosign-devweb.dev&required=&login=REMOVED&password=REMOVED&tokencode=
HTTP/1.0 302 Found
Date: Fri, 28 Feb 2014 17:34:24 GMT
Server: Apache
Set-Cookie: cosign=REMOVED; path=/; secure
Location:
https://devweb.dev.umich.edu/cosign/valid?cosign-devweb.dev=REMOVED&https://devweb.dev.umich.edu/
Content-Length: 402
Connection: close
Content-Type: text/html; charset=iso-8859-1
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
