cookie problems

Tue, Nov 8, 2005

My good friends at Leeds have been playing around with the Guanxi SP through localhost and were having problems. The attributes arrive from the IdP and the Podder pods them up and sets the cookie. Problem is, seems that Internet Explorer won’t accept cookies for localhost, so the Guard filter never sees the cookie and keeps redirecting to the IdP.

They solved it by creating an alias for localhost in /etc/hosts and accessing the protected resource via the alias, such as http://my.machine instead of http://localhost. They then set the cookie domain to .machine and it works.

Another wee problem was turning off javascript. I forgot there’s no submit button on the Shibboleth ISTS redirector page, which automatically submits a form containing the Base 64 encoded SAML Response to the SP. If javascript is turned off all you get is a blank page! Must do something about that.

There was another interesting problem with the cookie settings. We’d set the cookie lifetime to 30 seconds. Apparently that’s too short for Internet Explorer on an old machine.

comments powered by Disqus