Tue, Nov 8, 2005
My good friends at Leeds have been playing around with the Guanxi SP through localhost and were having problems. The attributes arrive from the IdP and the Podder pods them up and sets the cookie. Problem is, seems that Internet Explorer won’t accept cookies for localhost, so the Guard filter never sees the cookie and keeps redirecting to the IdP.
They solved it by creating an alias for localhost in /etc/hosts and accessing the protected resource via the alias, such as http://my.machine instead of http://localhost. They then set the cookie domain to .machine and it works.
There was another interesting problem with the cookie settings. We’d set the cookie lifetime to 30 seconds. Apparently that’s too short for Internet Explorer on an old machine.