Project

General

Profile

Bug #15268

Accessing elog via www-ad.fnal.gov can't log in

Added by Kyle Hazelwood over 3 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Immediate
Category:
Server
Target version:
Start date:
01/20/2017
Due date:
% Done:

0%

Estimated time:
Duration:

Description

Trying to log in when accessing the elog via https://www-ad.fnal.gov/Elog doesn't work. The AD home page links to the elog with www-ad... Accessing the elog from https://www-bd.fnal.gov does work


Related issues

Related to Elog - Bug #14579: IE not preserving session cookie is https not first specified in the urlClosed11/21/2016

Related to Elog - Bug #16135: Laptop LoginClosed04/08/2017

Related to Elog - Bug #10356: Error occured while trying to log into the Elog for AD OperationsClosed09/30/2015

Related to Elog - Bug #16332: Unable to login over Cisco VPNClosed04/25/2017

History

#1 Updated by Kyle Hazelwood about 3 years ago

  • Status changed from New to Resolved

Using the JSP servlet context was not working with the chablis https redirect. When a user attempted to access the elog via http://www-bd... the chablis server would redirect to https://www-ad. However, the elog never sees the new url context and attempts to redirect the user to http://www-bd after login. The authentication code was rewritten and each jsp page base href was updated to /Elog instead of the iffy servlet context. Hopefully it is now fixed.

#2 Updated by Kyle Hazelwood about 3 years ago

  • Related to Bug #14579: IE not preserving session cookie is https not first specified in the url added

#3 Updated by Kyle Hazelwood about 3 years ago

  • Status changed from Resolved to Remission

This appears to be still broken on IE and IOS browsers, the relative base href url does not work.

#4 Updated by Kyle Hazelwood over 2 years ago

  • Status changed from Remission to Resolved

This turned out to be a browser specific problem of interepting the JSESSIONID cookie with trailing backslash. Tomcat was conifugred to add a backslash to the domain name in cookies it creates. Chrome, IE, and possibly IOS browsers sometimes did not recognize this as the same domain as cookies they already had thus not keeping the user logged in. The fix was to configure tomcat in the projects Context XML (Elog.xml) to not add the backslash. I also rewrote the authentication scheme to use a servlet instead of a filter to make it less complicated.

#5 Updated by Kyle Hazelwood over 2 years ago

#6 Updated by Kyle Hazelwood about 2 years ago

  • Status changed from Resolved to Closed
  • Priority changed from High to Immediate

#7 Updated by Kyle Hazelwood about 2 years ago

  • Related to Bug #10356: Error occured while trying to log into the Elog for AD Operations added

#8 Updated by Kyle Hazelwood about 2 years ago

  • Related to Bug #16332: Unable to login over Cisco VPN added


Also available in: Atom PDF