guanxi localhost problem sorted

Tue, Jun 3, 2008

The localhost tutorial on the wiki used to work just fine but lately I’ve been getting reports of the browser always being redirected back to the WAYF after authenticating at the IdP. This will always happen in IE or Safari as neither support localhost cookies but it was also starting to happen with Firefox. I gave it a go and sure enough, the localhost setup had stopped working.

The first problem was the Guard’s cookie was not being set. This turned out to be a very subtle problem. The Cookie domain for localhost was set to:

<Domain></Domain>

changing it to <Domain/> sorted it. It was now being set. Something very subtle going on with XMLBeans, which I use to parse the config file and the combination of localhost.

The next problem was very weird indeed. The cookie value was being truncated on a “:” boundary. The Podder was setting the cookie value to:

GUARD_-50e375ec:11a4e6abec6:-7ff0

redirecting to the Guard which then got a cookie value of:

GUARD_-50e375ec

For some reason localhost cookie values were being split by the “:” and the rest of the value being dumped. This didn’t occur if normal hostnames were used. Changing “:” to “–” solved the problem.

comments powered by Disqus