LTPA Form Login redirects to login form

 
Marcel Heijmans
Greenhorn
Posts: 9
Securing a web resource works ok, however the Form Login redirects to itself instead of the secured web component. The trace log shows the creation of the LtpaToken by the FormLoginServlet, but it seems that the cookie is immediately cleared afterwards.
The WebAuthentication then concludes no or bad ltpa cookie and redirects to the login form.
Looks like we are going in circles here.
Seen this before??
Platform:
WebSphere 4.04 AE
DB2
Win2k
Here is the trace log just after the credentials were entered in the Form Login (also solves insomnia)
[11/26/02 7:51:54:779 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
[11/26/02 7:51:54:809 CET] 4ab14178 EJSWebCollabo D HttpServletRequest parameters and values:
j_username=[Niels]
j_password=[Blomberg]
action=[Submit Login]
[11/26/02 7:51:54:809 CET] 4ab14178 EJSWebCollabo D Http Header names and values:
accept=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*]
accept-encoding=[gzip, deflate]
accept-language=[en-us]
cache-control=[no-cache]
connection=[Keep-Alive]
content-length=[56]
content-type=[application/x-www-form-urlencoded]
cookie=[WASReqURL=/secure/secret.html]
host=[host.acme.com]
referer=[http://host.acme.com/MXSecurityWeb/login.html]
user-agent=[Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)]
[11/26/02 7:51:54:809 CET] 4ab14178 EJSWebCollabo D VirtualHost is : default_host
[11/26/02 7:51:54:809 CET] 4ab14178 WebCollaborat > SetUnauthenticatedCredIfNeeded
[11/26/02 7:51:54:809 CET] 4ab14178 WebCollaborat D Invoked and received Credential are null, setting it anonymous/unauthenticated.
[11/26/02 7:51:54:809 CET] 4ab14178 WebCollaborat < SetUnauthenticatedCredIfNeeded:true
[11/26/02 7:51:54:819 CET] 4ab14178 EJSWebCollabo D Request Context Path=/MXSecurityWeb, Servlet Path=/j_security_check, Path Info=null
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat > authorize
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat D URI requested: /j_security_check
[11/26/02 7:51:54:819 CET] 4ab14178 WebAppCache D Okay, I found the entry for [default_host:/MXSecurityWeb]
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat D No WebConstraints for URI = /j_security_check, method = POST
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat < authorize: com.ibm.ws.security.web.PermitReply@a16c179
[11/26/02 7:51:54:819 CET] 4ab14178 FormLoginServ > formLogin, WebAttributes:
webAppName[MXSecurityWeb]
isProtected[true]
realm[customRealm]
challengeType[Custom]
authMechanism[LTPA]
SSLEnabled[false]
SSOEnabled[true]
secureSSO[false]
defaultToBasic[false]
LTPACookieName[LtpaToken]
loginCookieName[null]
CookieSuffix[null]
[11/26/02 7:51:54:829 CET] 4ab14178 FormLoginServ D Form based login: userid/password present in the form. User is: Niels
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ > createCookie LtpaToken jKLxlWkJZgX9jKiI0If2siWbVjBAwyzfiX+h3yq5ZgPcQo8qycX+jbDhYIRrCwSLf86be516JGJEcKcdfSxDJ8EH+Tpk0vymhwRJM3Mlkj6ixfQk6gxSl0ubQOkQGX5q39cucGSDA6uRtpuGjY5O46onM3pOmVYEXy9U2R0AKeBaAYrklyQNB6ItItjBT66xwmqPucBEmiRo3ZTPEHgozbJPsxuNoOh48S/HA0FWpGCZgVFIopzz8DPBmWLJt5XSak/eF3rQ1GYtgKKopSUDew==
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ < createCookie
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ > clearCookie
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica > getcookiValue WASReqURL
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica < getcookiValue /secure/secret.html
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ D cleared REFERER_URL cookie. Original value was /secure/secret.html
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ < clearCookie
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica > getcookiValue WASReqURL
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica < getcookiValue /secure/secret.html
[11/26/02 7:51:55:069 CET] 4ab14178 FormLoginServ D Successful auth - redirecting to the original URL/secure/secret.html
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D HttpServletRequest parameters and values:
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D Http Header names and values:
accept=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*]
accept-encoding=[gzip, deflate]
accept-language=[en-us]
cache-control=[no-cache]
connection=[Keep-Alive]
host=[host.acme.com]
referer=[http://host.acme.com/MXSecurityWeb/login.html]
user-agent=[Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)]
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D VirtualHost is : default_host
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat > SetUnauthenticatedCredIfNeeded
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D Invoked and received Credential are null, setting it anonymous/unauthenticated.
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat < SetUnauthenticatedCredIfNeeded:true
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D Request Context Path=/MXSecurityWeb, Servlet Path=/, Path Info=secure/secret.html
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat > authorize
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D URI requested: /secure/secret.html
[11/26/02 7:51:55:079 CET] 4ab14178 WebAppCache D Okay, I found the entry for [default_host:/MXSecurityWeb]
[11/26/02 7:51:55:079 CET] 4ab14178 WebResourceCo D URI Match type = EXACT
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat > checkConstraints
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat < checkConstraints <null>
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D We have a custom login or error page request, web app login URL:[/login.html], errorPage URL:[/error.jsp], and the requested URI:[/secure/secret.html]
[11/26/02 7:51:55:079 CET] 4ab14178 WSAccessManag > isEveryoneGranted
[11/26/02 7:51:55:089 CET] 4ab14178 WSAccessManag > fillAccessIds
[11/26/02 7:51:55:089 CET] 4ab14178 WSAccessManag < fillAccessIds
[11/26/02 7:51:55:229 CET] 4ab14178 WSAccessManag < No roles granted to the special subject, Everyone
[11/26/02 7:51:55:229 CET] 4ab14178 WebCollaborat D URI - /secure/secret.html.GET is protected
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > authenticate
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > handleSSO
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > getcookiValue LtpaToken
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < getcookiValue <null>
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D A cookie was received. The name is LtpaToken and the value is NULL
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleSSO: (null)
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D handleTrustAssociation
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D TrustAssociation is enabled.
[11/26/02 7:51:55:229 CET] 4ab14178 TrustAssociat > getInterceptor
[11/26/02 7:51:55:229 CET] 4ab14178 TrustAssociat < getInterceptor
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleTrustAssociation: (null user)
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > handleCustomLogin
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login is configured for the resource
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D sendRedirectComplianceMode = [false]
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > handleSSO
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > getcookiValue LtpaToken
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < getcookiValue <null>
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D A cookie was received. The name is LtpaToken and the value is NULL
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleSSO: (null)
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login: No or Bad ltpa cookie
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login: Stored original request : /secure/secret.html
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login: Referer URL cookie set /secure/secret.html
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleCustomLogin Redirecting to a login form/login.html
[11/26/02 7:51:55:239 CET] 4ab14178 WebCollaborat D redirecting to another url
[11/26/02 7:51:55:239 CET] 4ab14178 WebCollaborat < authorize com.ibm.ws.security.web.RedirectReply@79a70178
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D HttpServletRequest parameters and values:
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D Http Header names and values:
accept=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*]
accept-encoding=[gzip, deflate]
accept-language=[en-us]
cache-control=[no-cache]
connection=[Keep-Alive]
cookie=[WASReqURL=/secure/secret.html]
host=[host.acme.com]
referer=[http://host.acme.com/MXSecurityWeb/login.html]
user-agent=[Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)]
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D VirtualHost is : default_host
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat > SetUnauthenticatedCredIfNeeded
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat D Invoked and received Credential are null, setting it anonymous/unauthenticated.
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat < SetUnauthenticatedCredIfNeeded:true
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D Request Context Path=/MXSecurityWeb, Servlet Path=/, Path Info=login.html
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat > authorize
[11/26/02 7:51:55:259 CET] 4ab14178 WebCollaborat D URI requested: /login.html
[11/26/02 7:51:55:259 CET] 4ab14178 WebAppCache D Okay, I found the entry for [default_host:/MXSecurityWeb]
[11/26/02 7:51:55:259 CET] 4ab14178 WebCollaborat D No WebConstraints for URI = /login.html, method = GET
[11/26/02 7:51:55:259 CET] 4ab14178 WebCollaborat < authorize: com.ibm.ws.security.web.PermitReply@a16c179
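
The symptom in the trace above (LtpaToken created by FormLoginServlet, then absent from the very next request) can be checked mechanically. The Python below is an added example, not part of the original post or of WebSphere; the function names and the abridged sample trace (token replaced by a placeholder) are constructed for illustration.

```python
import re

# Constructed sample, abridged from the trace format in the post (token replaced).
SAMPLE = """\
[11/26/02 7:51:54:779 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
cookie=[WASReqURL=/secure/secret.html]
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat D URI requested: /j_security_check
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ > createCookie LtpaToken PLACEHOLDERTOKEN==
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
host=[host.acme.com]
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D URI requested: /secure/secret.html
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleCustomLogin Redirecting to a login form/login.html
"""

def split_requests(trace):
    """Split a trace into per-request records; each 'preInvoke' line starts a new request."""
    requests = []
    for line in trace.splitlines():
        if "preInvoke:" in line:
            requests.append({"uri": None, "cookies": set(), "issued": set(),
                             "redirect_to_login": False})
        if not requests:
            continue  # ignore anything logged before the first request
        req = requests[-1]
        if m := re.search(r"URI requested: (\S+)", line):
            req["uri"] = m.group(1)
        elif m := re.match(r"cookie=\[(.*)\]$", line):
            # Cookie request header as dumped by the trace: name=value; name=value
            req["cookies"] = {c.split("=", 1)[0].strip() for c in m.group(1).split(";")}
        elif m := re.search(r"> createCookie (\S+)", line):
            req["issued"].add(m.group(1))
        elif "Redirecting to a login form" in line:
            req["redirect_to_login"] = True
    return requests

def find_dropped_cookies(requests):
    """Report cookies issued in one request but absent from the next request's Cookie header."""
    findings = []
    for prev, nxt in zip(requests, requests[1:]):
        for name in sorted(prev["issued"] - nxt["cookies"]):
            findings.append((name, prev["uri"], nxt["uri"], nxt["redirect_to_login"]))
    return findings

if __name__ == "__main__":
    for name, src, dst, looped in find_dropped_cookies(split_requests(SAMPLE)):
        print(f"{name} set by {src} but not sent with {dst}; back to login form: {looped}")
```

A finding here only shows that the browser's follow-up request did not carry the cookie; it does not say why the cookie was not returned.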
 
David O'Meara
Rancher
Posts: 13459
I'm not sure this is the reason, but we're sticking with 4.0.3 and refuse to go to 4.0.4 because we couldn't get the LTPA authentication working in any 4.0.X other than 3.
 
Marcel Heijmans
Greenhorn
Posts: 9
Nope, I fell back to PTF 3, but still the cookie
got squashed. The log is identical.
 
Patrick Finnegan
Ranch Hand
Posts: 179
You need to apply all cumulative fixes to 4.0.4.
They can be downloaded from:
http://www-1.ibm.com/support/search.wss?rs=180&tc=SSEQTP&dc=D400
Search all versions using the keyword "4.0.4".
Regards.
Patrick.
 