Ben wrote:

> I might also suggest that you try the following through the ColdFusion
> Administrator. The configuration wizard actually performs most of these
> steps as part of its check...
> 
> 1. Verify that Advanced Security is enabled.
> 2. Build a security context.
> 3. Build a policy.
> 4. Add a rule.
> 5. Assign a user to the policy.
> 
> If you are able to do this, I would also suggest deleting and recreating the
> SC1 security context, adding the UserDirectory to the context.

This does not guarantee a successful Spectra installation. AFAICS there
are two or three additional problems.

ColdFusion and Siteminder might disagree about the shared secret. This
problem does not manifest itself when you add contexts, rules, etc., but
it does pop up as soon as one does a <cfauthenticate>. This results in
'Internal Security error' messages.

If caching is turned on, Siteminder does not detect newly added security
contexts straight away. If you try <cfauthenticate> before Siteminder has
caught up, you will get 'Invalid security context' messages. (This is
*not* related to the 'updatesyncdelay' problem, by the way.)

If ColdFusion server caching is on, once you get the invalid security
context message, you can never successfully authenticate again until you
stop and restart ColdFusion, or you wait for an insane amount of time.

I think a Spectra setup should do the following:

 - read the Siteminder cache settings from the registry

 - if Spectra hasn't yet been configured, turn caching off and inform
   the user to stop and restart the Siteminder services before continuing

 - once security is known to work, turn cache settings back on.

Cheers
Michiel

-- 
Michiel Boland <[EMAIL PROTECTED]>
Digital Valley Internet Professionals
Plantsoen 17, Wageningen, The Netherlands
Phone: +31 317 465555, Fax: +31 317 460276

