This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Websphere and the fly likes LTPA Form Login redirects to login form Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "LTPA Form Login redirects to login form" Watch "LTPA Form Login redirects to login form" New topic
Author

LTPA Form Login redirects to login form

Marcel Heijmans
Greenhorn

Joined: Nov 26, 2002
Posts: 9
Securing a web resource works ok, however the Form Login redirects to itself instead of the secured web component. The trace log shows the creation of the LtpaToken by the FormLoginServlet, but it seems that the cookie is immediatly cleared afterwards.
The WebAuthentication than concludes no or bad ltpa cookie and redirects to the login form.
Looks like we are going in circles here.
Seen this before??
Platform:
WebSphere 4.04 AE
DB2
Win2k
Here is the trace log just after the credentials where entered in the Form Login (also solves insomnia)
[11/26/02 7:51:54:779 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
[11/26/02 7:51:54:809 CET] 4ab14178 EJSWebCollabo D HttpServletRequest parameters and values:
j_username=[Niels]
j_password=[Blomberg]
action=[Submit Login]
[11/26/02 7:51:54:809 CET] 4ab14178 EJSWebCollabo D Http Header names and values:
accept=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*]
accept-encoding=[gzip, deflate]
accept-language=[en-us]
cache-control=[no-cache]
connection=[Keep-Alive]
content-length=[56]
content-type=[application/x-www-form-urlencoded]
cookie=[WASReqURL=/secure/secret.html]
host=[host.acme.com]
referer=[http://host.acme.com/MXSecurityWeb/login.html]
user-agent=[Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)]
[11/26/02 7:51:54:809 CET] 4ab14178 EJSWebCollabo D VirtualHost is : default_host
[11/26/02 7:51:54:809 CET] 4ab14178 WebCollaborat > SetUnauthenticatedCredIfNeeded
[11/26/02 7:51:54:809 CET] 4ab14178 WebCollaborat D Invoked and received Credential are null, setting it anonymous/unauthenticated.
[11/26/02 7:51:54:809 CET] 4ab14178 WebCollaborat < SetUnauthenticatedCredIfNeeded:true
[11/26/02 7:51:54:819 CET] 4ab14178 EJSWebCollabo D Request Context Path=/MXSecurityWeb, Servlet Path=/j_security_check, Path Info=null
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat > authorize
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat D URI requested: /j_security_check
[11/26/02 7:51:54:819 CET] 4ab14178 WebAppCache D Okay, I found the entry for [default_host:/MXSecurityWeb]
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat D No WebConstraints for URI = /j_security_check, method = POST
[11/26/02 7:51:54:819 CET] 4ab14178 WebCollaborat < authorize: com.ibm.ws.security.web.PermitReply@a16c179
[11/26/02 7:51:54:819 CET] 4ab14178 FormLoginServ > formLogin, WebAttributes:
webAppName[MXSecurityWeb]
isProtected[true]
realm[customRealm]
challengeType[Custom]
authMechanism[LTPA]
SSLEnabled[false]
SSOEnabled[true]
secureSSO[false]
defaultToBasic[false]
LTPACookieName[LtpaToken]
loginCookieName[null]
CookieSuffix[null]
[11/26/02 7:51:54:829 CET] 4ab14178 FormLoginServ D Form based login: userid/password present in the form. User is: Niels
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ > createCookie LtpaToken jKLxlWkJZgX9jKiI0If2siWbVjBAwyzfiX+h3yq5ZgPcQo8qycX+jbDhYIRrCwSLf86be516JGJEcKcdfSxDJ8EH+Tpk0vymhwRJM3Mlkj6ixfQk6gxSl0ubQOkQGX5q39cucGSDA6uRtpuGjY5O46onM3pOmVYEXy9U2R0AKeBaAYrklyQNB6ItItjBT66xwmqPucBEmiRo3ZTPEHgozbJPsxuNoOh48S/HA0FWpGCZgVFIopzz8DPBmWLJt5XSak/eF3rQ1GYtgKKopSUDew==
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ < createCookie
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ > clearCookie
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica > getcookiValue WASReqURL
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica < getcookiValue /secure/secret.html
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ D cleared REFERER_URL cookie. Original value was /secure/secret.html
[11/26/02 7:51:55:059 CET] 4ab14178 FormLoginServ < clearCookie
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica > getcookiValue WASReqURL
[11/26/02 7:51:55:059 CET] 4ab14178 WebAuthentica < getcookiValue /secure/secret.html
[11/26/02 7:51:55:069 CET] 4ab14178 FormLoginServ D Successful auth - redirecting to the original URL/secure/secret.html
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D HttpServletRequest parameters and values:
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D Http Header names and values:
accept=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*]
accept-encoding=[gzip, deflate]
accept-language=[en-us]
cache-control=[no-cache]
connection=[Keep-Alive]
host=[host.acme.com]
referer=[http://host.acme.com/MXSecurityWeb/login.html]
user-agent=[Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)]
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D VirtualHost is : default_host
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat > SetUnauthenticatedCredIfNeeded
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D Invoked and received Credential are null, setting it anonymous/unauthenticated.
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat < SetUnauthenticatedCredIfNeeded:true
[11/26/02 7:51:55:079 CET] 4ab14178 EJSWebCollabo D Request Context Path=/MXSecurityWeb, Servlet Path=/, Path Info=secure/secret.html
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat > authorize
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D URI requested: /secure/secret.html
[11/26/02 7:51:55:079 CET] 4ab14178 WebAppCache D Okay, I found the entry for [default_host:/MXSecurityWeb]
[11/26/02 7:51:55:079 CET] 4ab14178 WebResourceCo D URI Match type = EXACT
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat > checkConstraints
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat < checkConstraints <null>
[11/26/02 7:51:55:079 CET] 4ab14178 WebCollaborat D We have a custom login or error page request, web app login URL:[/login.html], errorPage URL:[/error.jsp], and the requested URI:[/secure/secret.html]
[11/26/02 7:51:55:079 CET] 4ab14178 WSAccessManag > isEveryoneGranted
[11/26/02 7:51:55:089 CET] 4ab14178 WSAccessManag > fillAccessIds
[11/26/02 7:51:55:089 CET] 4ab14178 WSAccessManag < fillAccessIds
[11/26/02 7:51:55:229 CET] 4ab14178 WSAccessManag < No roles granted to the special subject, Everyone
[11/26/02 7:51:55:229 CET] 4ab14178 WebCollaborat D URI - /secure/secret.html.GET is protected
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > authenticate
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > handleSSO
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > getcookiValue LtpaToken
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < getcookiValue <null>
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D A cookie was received. The name is LtpaToken and the value is NULL
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleSSO: (null)
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D handleTrustAssociation
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D TrustAssociation is enabled.
[11/26/02 7:51:55:229 CET] 4ab14178 TrustAssociat > getInterceptor
[11/26/02 7:51:55:229 CET] 4ab14178 TrustAssociat < getInterceptor
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleTrustAssociation: (null user)
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > handleCustomLogin
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login is configured for the resource
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D sendRedirectComplianceMode = [false]
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > handleSSO
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica > getcookiValue LtpaToken
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < getcookiValue <null>
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D A cookie was received. The name is LtpaToken and the value is NULL
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleSSO: (null)
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login: No or Bad ltpa cookie
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login: Stored original request : /secure/secret.html
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica D Form based login: Referer URL cookie set /secure/secret.html
[11/26/02 7:51:55:229 CET] 4ab14178 WebAuthentica < handleCustomLogin Redirecting to a login form/login.html
[11/26/02 7:51:55:239 CET] 4ab14178 WebCollaborat D redirecting to another url
[11/26/02 7:51:55:239 CET] 4ab14178 WebCollaborat < authorize com.ibm.ws.security.web.RedirectReply@79a70178
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D preInvoke: contextRoot= /MXSecurityWeb
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D HttpServletRequest parameters and values:
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D Http Header names and values:
accept=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*]
accept-encoding=[gzip, deflate]
accept-language=[en-us]
cache-control=[no-cache]
connection=[Keep-Alive]
cookie=[WASReqURL=/secure/secret.html]
host=[host.acme.com]
referer=[http://host.acme.com/MXSecurityWeb/login.html]
user-agent=[Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)]
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D VirtualHost is : default_host
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat > SetUnauthenticatedCredIfNeeded
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat D Invoked and received Credential are null, setting it anonymous/unauthenticated.
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat < SetUnauthenticatedCredIfNeeded:true
[11/26/02 7:51:55:249 CET] 4ab14178 EJSWebCollabo D Request Context Path=/MXSecurityWeb, Servlet Path=/, Path Info=login.html
[11/26/02 7:51:55:249 CET] 4ab14178 WebCollaborat > authorize
[11/26/02 7:51:55:259 CET] 4ab14178 WebCollaborat D URI requested: /login.html
[11/26/02 7:51:55:259 CET] 4ab14178 WebAppCache D Okay, I found the entry for [default_host:/MXSecurityWeb]
[11/26/02 7:51:55:259 CET] 4ab14178 WebCollaborat D No WebConstraints for URI = /login.html, method = GET
[11/26/02 7:51:55:259 CET] 4ab14178 WebCollaborat < authorize: com.ibm.ws.security.web.PermitReply@a16c179
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I'm not sure this is the reason, but we're sticking with 4.0.3 and refuse to go to 4.0.4 because we couldn't get the LTPA authentication working in any 4.0.X other than 3.
Marcel Heijmans
Greenhorn

Joined: Nov 26, 2002
Posts: 9
Nope, I fell back to PTF 3, but still the cookie
got squashed. The log is identical.
Patrick Finnegan
Ranch Hand

Joined: Mar 05, 2002
Posts: 179
You need to apply all cumulative fixes to 4.0.4.
They can be downloaded from:
http://www-1.ibm.com/support/search.wss?rs=180&tc=SSEQTP&dc=D400
Search all versions using the keyword "4.0.4".
Regards.
Patrick.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: LTPA Form Login redirects to login form