• Support Request
    • Resolution: Tracked Elsewhere
    • Medium
    • None
    • 2.3.4
    • None

      We are attempting to use the apache crowd connector for SSO.

      We have specifically set the SSO apache variables to On, even though they default that way.

      It will do regular authentication, but does not create a cookie for SSO, or use an existing one.

      The domain of the app is definitely the same as the domain configured for SSO in Crowd. Other apps on the same domain are able to use (non-apache) SSO properly.

            [CWD-3239] apache crowd 2.0.2 SSO not working


            joe added a comment -

            I'm going to close this issue as part of moving the cwdapache issues over to the CWDAPACHE project on ean. If this is still an issue, please let me know so we can get more detail and continue tracking it over there.


            joe added a comment -

            The tip of master is stable; it may be some time before we make another official release, so I'd recommend building from there.


            Luke added a comment -

            for some reason my reply emails are just not making it back in as comments

            anyway, when is the next time you guys are likely to make an official release?

            also, would you recommend that in the meantime, we build off of tip of master, or just apply the one patch locally (how stable is tip of master, I guess is my question)?

            -luke


            joe added a comment -

            Is your Crowd configured to only serve cookies over a secure connection? You may be hitting this bug: 0e365a1.


            Steve Downing added a comment -

            Apache prompts for basic auth, restricts access correctly, and passes back a session cookie, but not an SSO cookie for the internal domain.
            Additionally, if a user accesses this app and already has an SSO cookie from a different app, that cookie will be ignored and the user will still be prompted to authenticate if they don't already have a session going with this app.

            This isn't an initial setup, but Crowd SSO has at no point worked correctly in this or any other apache-hosted website of ours.

            Here's the section from the config file:

            <VirtualHost 10.160.10.29:443>
                ServerAdmin it-unix@palantir.com
                ServerName doinksandmeeps.yojoe.local
                suPHP_UserGroup identity identity
                <ifModule mod_suphp.c>
                    php_admin_flag engine off
                </ifModule>
                <ifModule mod_php5.c>
                    php_admin_flag engine off
                </ifModule>

                AddHandler x-httpd-php .php
                AddHandler x-httpd-php .php .php4 .php3 .phtml

                suPHP_Engine on
                suPHP_AddHandler x-httpd-php

                <Location />
                    AuthName "Palantir AD Credentials"
                    AuthType Basic
                    AuthBasicProvider crowd

                    CrowdAppName [REDACTED]
                    CrowdAppPassword [REDACTED]
                    CrowdAcceptSSO on
                    CrowdCreateSSO on
                    CrowdURL [REDACTED]

                    Require valid-user
                </Location>

                DocumentRoot "/opt/identity/webapps/wordpress-3.4-git"
                ErrorLog logs/doinksandmeeps-error_log
                CustomLog logs/doinksandmeeps-access_log combined
                Alias /files /opt/identity/static/dmfiles/files
                Alias /uploads /opt/identity/static/dmfiles/uploads
                Redirect /subscribe /wp-admin/admin.php?page=s2
                Redirect /subscriptions /wp-admin/admin.php?page=s2

                <Directory /opt/identity/webapps/wordpress-3.4-git>
                    Options ALL
                    AllowOverride all
                </Directory>

                SSLEngine On
                SSLCertificateFile [REDACTED]
                SSLCertificateKeyFile [REDACTED]
                SSLCertificateChainFile [REDACTED]
            </VirtualHost>
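A way to confirm the symptom described in the comment above from the response headers alone, as an added example that is not part of the original ticket or of the connector's code. It assumes the SSO cookie uses Crowd's default name `crowd.token_key` (configurable in Crowd); the SSO domain `yojoe.local`, the `appsession` cookie name and the sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Assumption: Crowd's default SSO cookie name; it is configurable in Crowd.
SSO_COOKIE = "crowd.token_key"

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: the host equals the domain or is a subdomain of it."""
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def diagnose(set_cookie_headers, host, sso_domain, https=True):
    """Classify one response's Set-Cookie headers with respect to the SSO cookie."""
    sso, others = None, []
    for raw in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if name == SSO_COOKIE:
                sso = morsel
            else:
                others.append(name)
    if sso is None:
        # The symptom in the comment above: basic auth works, no SSO cookie.
        return ["no-sso-cookie"] + (["session-cookie-only"] if others else [])
    findings = []
    domain = sso["domain"]
    if not domain:
        findings.append("host-only")  # never sent to sibling apps
    elif not domain_matches(host, domain):
        findings.append("domain-rejected-by-browser")
    elif domain.lstrip(".").lower() != sso_domain.lstrip(".").lower():
        findings.append("domain-differs-from-crowd-sso-domain")
    if sso["secure"] and not https:
        findings.append("secure-cookie-on-http")
    return findings or ["ok"]

# Constructed sample headers (not captured from the reporter's server).
HOST = "doinksandmeeps.yojoe.local"
SAMPLE_BROKEN = ["appsession=abc123; Path=/; Secure; HttpOnly"]
SAMPLE_WORKING = ["crowd.token_key=tok123; Domain=.yojoe.local; Path=/; Secure"]

if __name__ == "__main__":
    print(diagnose(SAMPLE_BROKEN, HOST, "yojoe.local"))
    print(diagnose(SAMPLE_WORKING, HOST, "yojoe.local"))
```

Feed it the `Set-Cookie` values from the response that follows a successful basic-auth login; `no-sso-cookie` together with `session-cookie-only` matches the behaviour reported here.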

              Unassigned Unassigned
              96622be9a486 Luke