Google Groups Home
Help | Sign in
ESOE Users
+ new post
Home
About this group
Join this group
Message from discussion strange apache spep redirect problem
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
Jim  
View profile
  More options May 28, 1:22 am
From: Jim <thatsj...@gmail.com>
Date: Tue, 27 May 2008 08:22:37 -0700 (PDT)
Local: Wed, May 28 2008 1:22 am
Subject: strange apache spep redirect problem
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
Hi all,

Sometimes after I authenticate successfully to a service node, the
"Security Verified" screen pops up and then tries to redirect back the
the service, but then the service just redirects back to the "Security
Verified" page and it gets stuck in a loop where it will retry about
once a second.

Here is a trace of the http requests from my browser (i changed the
domains to be generic):

11:12:46.796    1.297   *       GET     (Aborted)       *       https://mywebapp.domain.com/
11:12:46.875    0.093   0       GET     200     text/html; charset=utf-8
https://mywebapp.domain.com/spep/sso?redirectURL=Lw==&ts=1211886659111
11:12:47.15     1.266   *       POST    (Aborted)       *       https://login.domain.com/sso
11:12:47.187    1.234   *       POST    (Aborted)       *       https://mywebapp.domain.com/spep/sso
11:12:48.93     1.235   *       GET     (Aborted)       *       https://mywebapp.domain.com/
11:12:48.156    0.078   0       GET     200     text/html; charset=utf-8
https://mywebapp.domain.com/spep/sso?redirectURL=Lw==&ts=1211886660401
11:12:48.281    1.234   *       POST    (Aborted)       *       https://login.domain.com/sso
11:12:48.421    1.219   *       POST    (Aborted)       *       https://mywebapp.domain.com/spep/sso
11:12:49.328    1.218   *       GET     (Aborted)       *       https://mywebapp.domain.com/
11:12:49.390    0.078   0       GET     200     text/html; charset=utf-8

 I am using apache spep 0.52 and esoe 0.7 .  When I look at the logs I
get this:

spep::AuthnProcessor - Successfully inserted authenticated session
(1399c1ce56f725286349d1898ac359c0415094dc-4741
4ba6da2a406adb6d5d9f60f-1211899185) into session cache.
2008-05-27 10:39:45 [AUTHN] spep::AuthnProcessor - Authenticated new
session. SPEP Session ID:
1399c1ce56f725286349d1898ac359c0415094dc-47418
ba6da2a406adb6d5d9f60f-1211899185
2008-05-27 10:39:45 [DEBUG] spep::AuthnProcessor - Couldn't verify
existing session:
1399c1ce56f725286349d1898ac359c0415094dc-47418aea3852829
adb6d5d9f60f-1211899185. Failing.
2008-05-27 10:39:45 [DEBUG] spep::AuthnProcessor - Going to create a
new AuthnRequest
2008-05-27 10:39:45 [DEBUG] spep::AuthnProcessor - Created
unauthenticated session for new AuthnRequest. SAML ID:
_2788f2d2ccbb07a39851b057f2 4-b0960630d12b506ff05bce69e4a170f1

I am concerned that it might be the " Couldn't verify existing
session: " that is creating the problem, because then it just
immediately tries to create a new session.

Also: sometimes it will eventually redirect back to the application
after a few iterations of the redirects. Other times it will never
work and stay in the loop indefinitely (but if i interrupt the loop by
typing in "https://mywebapp.domain.com", everything works as it should
and I am successfully authenticated and all my attributes are passed
through to mywebapp.)

any ideas?

Thanks!
Jim


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2008 Google