Skip to Content.
Sympa Menu

shibboleth-dev - Re: SSO cookie - IDP 1.3.2

Subject: Shibboleth Developers

List archive

Re: SSO cookie - IDP 1.3.2


Chronological Thread 
  • From: Will Norris <>
  • To:
  • Subject: Re: SSO cookie - IDP 1.3.2
  • Date: Fri, 20 Jul 2007 11:33:55 -0700

On Jul 20, 2007, at 1:41 AM, André Cruz wrote:

On 2007/07/19, at 16:03, Scott Cantor wrote:

The cookie is only set if username is not null and we're on the
protected path. The first time username will be null, and the next
time we will not be in the protected path since we already have the
username in the session... Unless we get to a different front-end in
which case the auth is asked again since there is no username or cookie.

I'm not following you here. The cookie can't be set until REMOTE_USER is,
obviously. The first time, yes, it's null, but you do go to the protected
path because if you're on the naked path, REMOTE_USER won't be set...


The problem on my side is that:

ServletPath = /AuthSSO
ProtectedPath = /shibboleth-idp/AuthSSO

So this condition is never true:

if (request.getServletPath().endsWith(support.getIdPConfig ().getProtectedPath())) {

Shouldn't it be the other way arround? ProtectedPath endsWith ServletPath ?

I'm currently using the SSO cookie, but my protectedPath value is "AuthSSO" (note no preceeding slash) and it is working fine. In this case, the above code actually makes sense.

-will

Attachment: PGP.sig
Description: This is a digitally signed message part




Archive powered by MHonArc 2.6.16.

Top of Page