shibboleth-dev - Re: SSO cookie - IDP 1.3.2
Subject: Shibboleth Developers
List archive
- From: Will Norris <>
- To:
- Subject: Re: SSO cookie - IDP 1.3.2
- Date: Fri, 20 Jul 2007 11:33:55 -0700
On Jul 20, 2007, at 1:41 AM, André Cruz wrote:
On 2007/07/19, at 16:03, Scott Cantor wrote:
The cookie is only set if username is not null and we're on the
protected path. The first time username will be null, and the next
time we will not be in the protected path since we already have the
username in the session... Unless we get to a different front-end in
which case the auth is asked again since there is no username or cookie.
I'm not following you here. The cookie can't be set until REMOTE_USER is,
obviously. The first time, yes, it's null, but you do go to the protected
path because if you're on the naked path, REMOTE_USER won't be set...
The problem on my side is that:
ServletPath = /AuthSSO
ProtectedPath = /shibboleth-idp/AuthSSO
So this condition is never true:
if (request.getServletPath().endsWith(support.getIdPConfig ().getProtectedPath())) {
Shouldn't it be the other way arround? ProtectedPath endsWith ServletPath ?
I'm currently using the SSO cookie, but my protectedPath value is "AuthSSO" (note no preceeding slash) and it is working fine. In this case, the above code actually makes sense.
-will
Attachment:
PGP.sig
Description: This is a digitally signed message part
- SSO cookie - IDP 1.3.2, André Cruz, 07/19/2007
- Re: SSO cookie - IDP 1.3.2, Samuel Cochran, 07/19/2007
- RE: SSO cookie - IDP 1.3.2, Scott Cantor, 07/19/2007
- RE: SSO cookie - IDP 1.3.2, Scott Cantor, 07/19/2007
- Re: SSO cookie - IDP 1.3.2, André Cruz, 07/20/2007
- Re: SSO cookie - IDP 1.3.2, Will Norris, 07/20/2007
- RE: SSO cookie - IDP 1.3.2, Scott Cantor, 07/20/2007
- Re: SSO cookie - IDP 1.3.2, André Cruz, 07/20/2007
- Re: SSO cookie - IDP 1.3.2, Samuel Cochran, 07/19/2007
Archive powered by MHonArc 2.6.16.