On 2015-05-05 10:30, Syed O. Karimushan wrote:
> Here's the issue - the internal server works fine when we go to the central login server and return without using the proxy server. But going through the proxy, it never finishes authentication. It gets hung on /cosign/valid URL. Looks like it makes it back to the internal server as the internal logfile records it

The internal server should be communicating with the central weblogin servers to verify that the user authenticated and to set a service cookie. It will also verify the URL that the user (supposedly) was originally trying to access to be sure that it is a legitimate URL for the internal server (check your CosignValidReference directive to be sure that the regexp matches the URL being passed in the query string for /cosign/valid, and, if not, fix this problem). If these checks succeed, the internal server should be generating a 302 redirect to the original URL -- check your internal server logs to be sure this is happening, and check the proxy server logs to be sure that the redirect is being passed through back to the visitor's web browser.

Please post the series of requests and replies that the web browser is making, as captured by Live HTTP Headers or a similar web browser plugin.

Also, include the proxy server request logs and the internal server request logs.

Finally, include your IISCosign configuration.

> Before I post anything else, how much should I post on this listserv without compromising security?
>
> log entry?
> configuration section?

Make sure you do not post any private keys or passwords to the mailing list. If you have sensitive data in the logs, such as personally identifying data for real users, replace it with placeholders such as XXXXXX, username1, 1.2.3.4, or hostA.example.com before posting to the mailing list.

If you are relying on security by obscurity (that is, if people can gain unauthorized access just by knowing certain details about your configuration), eliminate this problem before posting to the mailing list.

--
  Mark Montague
  m...@catseye.org
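
The redaction advice above, as an added example that is not part of the original message or of Cosign itself: a small Python filter that masks cookie values and maps IPs, usernames and internal hostnames to stable placeholders, so the proxy and internal logs can still be correlated after redaction. The common-log-style line layout, the `cosign-intranet` cookie name, the `corp.example.org` domain and the names `Redactor` and `redact` are assumptions made for illustration.

```python
import re

# Constructed sample lines in an assumed common-log-style layout; every value is made up.
SAMPLE = [
    '10.20.30.40 - jdoe [05/May/2015:10:31:02] "GET /cosign/valid?cosign-intranet=Zk3pQ9aa/1430836262&https://intra.corp.example.org/app HTTP/1.1" 302',
    '10.20.30.41 - - [05/May/2015:10:31:02] "GET /app HTTP/1.1" 200 "cosign-intranet=Zk3pQ9aa/1430836262"',
    '10.20.30.40 - jdoe [05/May/2015:10:31:03] "GET /app HTTP/1.1" 200 "-"',
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
COOKIE_RE = re.compile(r"(cosign-[\w.-]+=)[^\s&;\"]+")
USER_RE = re.compile(r"^(\S+ \S+ )(\S+)(?= \[)")  # third field = authenticated user

class Redactor:
    """Swap sensitive values for stable placeholders so requests stay correlatable."""

    def __init__(self, internal_domain):
        self.seen = {"ip": {}, "host": {}, "user": {}}
        self.host_re = re.compile(
            r"\b[\w-]+(?:\.[\w-]+)*\." + re.escape(internal_domain) + r"\b", re.I)

    def _alias(self, kind, value, template, first):
        table = self.seen[kind]
        if value not in table:  # same original value always gets the same placeholder
            table[value] = template % (first + len(table))
        return table[value]

    def line(self, text):
        # Cookie values act as credentials, so mask them completely.
        text = COOKIE_RE.sub(r"\1XXXXXX", text)
        text = self.host_re.sub(
            lambda m: self._alias("host", m.group(0).lower(), "host%d.example.com", 1), text)
        text = USER_RE.sub(
            lambda m: m.group(1) + (m.group(2) if m.group(2) == "-" else
                                    self._alias("user", m.group(2), "username%d", 1)), text)
        return IP_RE.sub(lambda m: self._alias("ip", m.group(0), "1.2.3.%d", 4), text)

    def leftovers(self, text):
        """Return original values still present in text; should be empty before posting."""
        originals = [v for table in self.seen.values() for v in table]
        return [v for v in originals if v.lower() in text.lower()]

def redact(lines, internal_domain):
    r = Redactor(internal_domain)
    out = [r.line(l) for l in lines]
    return out, r.leftovers("\n".join(out))

if __name__ == "__main__":
    print(*redact(SAMPLE, "corp.example.org"), sep="\n")
```

The `leftovers` check only covers values the filter itself recognised, so read the output once more by eye before sending it to the list.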

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss