Login Cookies - Results Authorization

Post Reply
rjhertzberg
Posts: 23
Joined: Wed Sep 10, 2008 10:38 am

Login Cookies - Results Authorization

Post by rjhertzberg »

Hello:

I am trying to configure search results authorization based on forwarding login cookies.

It seems to be attempting to authorize properly because it will correctly redirect me to the Login URL. However, after logging in, it doesn't recognize the cookie that I have listed in the Login Cookies textbox. So, my question is, what should I be entering in the Login Cookies text box? Would it just be the name of the cookie, or something else? Can you provide a quick sample?

Thank You,
Russell
User avatar
Kai
Site Admin
Posts: 1270
Joined: Tue Apr 25, 2000 1:27 pm

Login Cookies - Results Authorization

Post by Kai »

You enter just the name of the cookie. It is case-sensitive. For example, many sites store session information in ASPXSession or the like.
rjhertzberg
Posts: 23
Joined: Wed Sep 10, 2008 10:38 am

Login Cookies - Results Authorization

Post by rjhertzberg »

Kai - Thanks for the response. I'm obviously not doing something correctly, because I can't seem to get this to work properly. Let me briefly try to explain what I'm attempting, and maybe you can point me in the right direction.

We are using CAS as our SSO system. I was successfully able to set up the appliance to crawl one of our sites, Knowledge Tree, that is configured to authenticate via CAS.

I set up the Results Authorization on the profile to forward login cookies. In the Login Cookies section, I added all of the cookie names (in their proper case) that are set by both the CAS and Knowledge Tree system (I wasn't sure if it needed the CAS or KT cookies, so I added them all). Then I added the url to the CAS login page with a parameter pointing back to the %REFERER% in the "Login URL" text box(http://cas.server.com/login/?service=%REFERER%).

When I perform a search, it takes me to the CAS login, as expected, since I'm not logged on at that point. However, when I'm redirected back to the search results, it then redirects me back to CAS. Since I'm already authenticate through CAS, it then redirects me back to the search results and so on...

So, it looks like I either don't have the right cookie name in the Login Cookies section, or I don't have something else set properly on the search authorization properties. I'm pretty sure that the cookie names are right - am I missing something else, or do you have any other thoughts?

I appreciate the help!

Thanks,
Russell
User avatar
Kai
Site Admin
Posts: 1270
Joined: Tue Apr 25, 2000 1:27 pm

Login Cookies - Results Authorization

Post by Kai »

All of the cookies listed in Login Cookies are required to be present; if any of them are missing, a redirect to Login URL is issued. So perhaps one or more of them are actually optional (as far as CAS is concerned), and are not being issued by CAS after the initial login, causing the Appliance not to see them and thus return to login.

Or, perhaps the domain or path of the cookies being issued by CAS is not wide enough to include the Appliance. If the domain is not set when CAS issues the cookie after login, then the user's browser will not send the cookie to the Appliance, because it is a different host. Path should be set to `/', and domain to something like `.mydomain.org' that includes both the CAS box (Login URL and all protected URLs) and the Appliance hostname.
Post Reply