You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@manifoldcf.apache.org by ju...@francelabs.com on 2020/05/29 16:01:09 UTC
Web connector login sequence
Hi MCF community,
I need some help with the configuration of a login sequence with the Web
connector. Here is the login sequence on a web browser :
GET site/
302 -> site/login
302 -> other-site/cas/login
401 other-site/cas/login
POST other-site/cas/login (set cookie)
302 -> site/login?param1=value (set cookie)
302 -> site/login?param1=value (set cookie)
302 -> site/
I tested the following conf :
Session: site
site\/login = redirect
other-site\/cas\/login = redirect
other-site\/cas\/login = form
username=john
password=***
This configuration works till the form POST, after the form POST, the first
cookie is correctly retrieved by the job but then it ends up in an infinite
loop. Here are the debug logs:
..
DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: For
https://other-site/cas/login, setting virtual host to other-site
DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Got an HttpClient object
after 1 ms.
DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Post method for '/cas/login'
...
DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Retrieving cookies...
DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Cookie '[version:
0]xxxxxxxxxx
INFO 2020-05-29T15:07:18,448 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: FETCH
LOGIN|https://other-site/cas/login|1590764838416+31|302|0|
DEBUG 2020-05-29T15:07:18,448 (Worker thread '11') -
MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Document
'https://other-site/cas/login' did not match expected form, link,
redirection, or content for sequence 'site'
..
It seems that the redirection after the form POST is not considered by the
job but I don't know why. After that, there is an infinite loop where the
cookie is passed on the GET "site/login" which redirects to
"other-site/login", but this time, when "other-site/login" get the cookie in
the request, it does not send a 302 redirect response code but a 200 OK
I don't know why there is such behavior and I would be glad to have your
advises !
Thanks for your help
Julien
Re: Web connector login sequence
Posted by Karl Wright <da...@gmail.com>.
Thanks for the followup.
If you could create a ticket for this, and supply as much information as
possible, I'll try to look at it and understand the implications for the
session login model as it stands today. I believe I presumed that the same
URL wouldn't be used for wildly different kinds of things; as you say,
turning this into a list rather than a map may make all the difference.
Karl
On Tue, Jun 2, 2020 at 7:34 AM <ju...@francelabs.com> wrote:
> Hi Karl,
>
>
>
> Thanks for your answer.
>
>
>
> The login sequence I configured was the problem but not because some part
> were missing, the main problem was that I entered the same regular
> expression to address two different login types : a login page and a
> redirect page.
> I did not check the code, but it seems that the connector saves the login
> sequence into an HashMap with the login regex as key. So my redirect rule “other-site\/cas\/login
> = redirect” was overridden by the form rule “other-site\/cas\/login =
> form”. This is why in the debug log, the other-site 302 response was not
> recognized by the login sequence.
>
>
>
> I have modified the two rules so that the regex are different and it works
> !
>
>
>
> I hope my use case will help other people if they encounter the same
> problem.
>
>
>
> Note that the solution I implemented sounds to me more like a workaround
> than a solution. Let me explain: I was able to differentiate the regex
> rules by removing a letter in one of them:
> “other-site\/cas\/logi = redirect” vs “other-site\/cas\/login = form”. But
> this does not feel like a “clean” solution
>
>
>
> Regards,
> Julien
>
>
>
>
>
>
>
> *De :* Karl Wright <da...@gmail.com>
> *Envoyé :* vendredi 29 mai 2020 22:32
> *À :* user@manifoldcf.apache.org
> *Objet :* Re: Web connector login sequence
>
>
>
> Hi Julien,
>
> The login sequence must include all parts of the login sequence, from
> initiation (the first 302 that you get when you load /site) all the way
> through to the last action that sets the cookie. After the login sequence
> is completed, the /site URL will be fetched again. If you need more than
> one fetch to set more than one cookie, ALL the fetches must match your
> description of the login sequence or it will abort early. If the cookie
> gets set on a final redirection, be sure to include that redirection too.
>
>
>
> Karl
>
>
>
>
>
> On Fri, May 29, 2020 at 12:01 PM <ju...@francelabs.com> wrote:
>
> Hi MCF community,
>
>
>
> I need some help with the configuration of a login sequence with the Web
> connector. Here is the login sequence on a web browser :
>
>
>
> GET site/
>
> 302 -> site/login
>
> 302 -> other-site/cas/login
>
> 401 other-site/cas/login
>
> POST other-site/cas/login (set cookie)
>
> 302 -> site/login?param1=value (set cookie)
>
> 302 -> site/login?param1=value (set cookie)
>
> 302 -> site/
>
>
>
> I tested the following conf :
>
>
>
> Session: site
>
> site\/login = redirect
>
> other-site\/cas\/login = redirect
>
> other-site\/cas\/login = form
>
> username=john
>
> password=***
>
>
>
> This configuration works till the form POST, after the form POST, the
> first cookie is correctly retrieved by the job but then it ends up in an
> infinite loop. Here are the debug logs:
>
>
>
> ….
>
> DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: For
> https://other-site/cas/login, setting virtual host to other-site
>
> DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Got an HttpClient object
> after 1 ms.
>
> DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Post method for
> '/cas/login'
>
> …..
>
> DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Retrieving cookies...
>
> DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Cookie '[version:
> 0]xxxxxxxxxx
>
> INFO 2020-05-29T15:07:18,448 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: FETCH LOGIN|
> https://other-site/cas/login|1590764838416+31|302|0|
> <https://other-site/cas/login%7C1590764838416+31%7C302%7C0%7C>
>
> DEBUG 2020-05-29T15:07:18,448 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Document '
> https://other-site/cas/login' did not match expected form, link,
> redirection, or content for sequence 'site'
>
> ….
>
>
>
> It seems that the redirection after the form POST is not considered by the
> job but I don’t know why. After that, there is an infinite loop where the
> cookie is passed on the GET “site/login” which redirects to
> “other-site/login”, but this time, when “other-site/login” get the cookie
> in the request, it does not send a 302 redirect response code but a 200 OK
>
>
>
> I don’t know why there is such behavior and I would be glad to have your
> advises !
>
>
>
> Thanks for your help
>
>
>
> Julien
>
>
>
>
RE: Web connector login sequence
Posted by ju...@francelabs.com.
Hi Karl,
Thanks for your answer.
The login sequence I configured was the problem but not because some part were missing, the main problem was that I entered the same regular expression to address two different login types : a login page and a redirect page.
I did not check the code, but it seems that the connector saves the login sequence into an HashMap with the login regex as key. So my redirect rule “other-site\/cas\/login = redirect” was overridden by the form rule “other-site\/cas\/login = form”. This is why in the debug log, the other-site 302 response was not recognized by the login sequence.
I have modified the two rules so that the regex are different and it works !
I hope my use case will help other people if they encounter the same problem.
Note that the solution I implemented sounds to me more like a workaround than a solution. Let me explain: I was able to differentiate the regex rules by removing a letter in one of them:
“other-site\/cas\/logi = redirect” vs “other-site\/cas\/login = form”. But this does not feel like a “clean” solution
Regards,
Julien
De : Karl Wright <da...@gmail.com>
Envoyé : vendredi 29 mai 2020 22:32
À : user@manifoldcf.apache.org
Objet : Re: Web connector login sequence
Hi Julien,
The login sequence must include all parts of the login sequence, from initiation (the first 302 that you get when you load /site) all the way through to the last action that sets the cookie. After the login sequence is completed, the /site URL will be fetched again. If you need more than one fetch to set more than one cookie, ALL the fetches must match your description of the login sequence or it will abort early. If the cookie gets set on a final redirection, be sure to include that redirection too.
Karl
On Fri, May 29, 2020 at 12:01 PM < <ma...@francelabs.com> julien.massiera@francelabs.com> wrote:
Hi MCF community,
I need some help with the configuration of a login sequence with the Web connector. Here is the login sequence on a web browser :
GET site/
302 -> site/login
302 -> other-site/cas/login
401 other-site/cas/login
POST other-site/cas/login (set cookie)
302 -> site/login?param1=value (set cookie)
302 -> site/login?param1=value (set cookie)
302 -> site/
I tested the following conf :
Session: site
site\/login = redirect
other-site\/cas\/login = redirect
other-site\/cas\/login = form
username=john
password=***
This configuration works till the form POST, after the form POST, the first cookie is correctly retrieved by the job but then it ends up in an infinite loop. Here are the debug logs:
….
DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: For <https://other-site/cas/login> https://other-site/cas/login, setting virtual host to other-site
DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Got an HttpClient object after 1 ms.
DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Post method for '/cas/login'
…..
DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Retrieving cookies...
DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Cookie '[version: 0]xxxxxxxxxx
INFO 2020-05-29T15:07:18,448 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: FETCH LOGIN| <https://other-site/cas/login%7C1590764838416+31%7C302%7C0%7C> https://other-site/cas/login|1590764838416+31|302|0|
DEBUG 2020-05-29T15:07:18,448 (Worker thread '11') - MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Document ' <https://other-site/cas/login> https://other-site/cas/login' did not match expected form, link, redirection, or content for sequence 'site'
….
It seems that the redirection after the form POST is not considered by the job but I don’t know why. After that, there is an infinite loop where the cookie is passed on the GET “site/login” which redirects to “other-site/login”, but this time, when “other-site/login” get the cookie in the request, it does not send a 302 redirect response code but a 200 OK
I don’t know why there is such behavior and I would be glad to have your advises !
Thanks for your help
Julien
Re: Web connector login sequence
Posted by Karl Wright <da...@gmail.com>.
Hi Julien,
The login sequence must include all parts of the login sequence, from
initiation (the first 302 that you get when you load /site) all the way
through to the last action that sets the cookie. After the login sequence
is completed, the /site URL will be fetched again. If you need more than
one fetch to set more than one cookie, ALL the fetches must match your
description of the login sequence or it will abort early. If the cookie
gets set on a final redirection, be sure to include that redirection too.
Karl
On Fri, May 29, 2020 at 12:01 PM <ju...@francelabs.com> wrote:
> Hi MCF community,
>
>
>
> I need some help with the configuration of a login sequence with the Web
> connector. Here is the login sequence on a web browser :
>
>
>
> GET site/
>
> 302 -> site/login
>
> 302 -> other-site/cas/login
>
> 401 other-site/cas/login
>
> POST other-site/cas/login (set cookie)
>
> 302 -> site/login?param1=value (set cookie)
>
> 302 -> site/login?param1=value (set cookie)
>
> 302 -> site/
>
>
>
> I tested the following conf :
>
>
>
> Session: site
>
> site\/login = redirect
>
> other-site\/cas\/login = redirect
>
> other-site\/cas\/login = form
>
> username=john
>
> password=***
>
>
>
> This configuration works till the form POST, after the form POST, the
> first cookie is correctly retrieved by the job but then it ends up in an
> infinite loop. Here are the debug logs:
>
>
>
> ….
>
> DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: For
> https://other-site/cas/login, setting virtual host to other-site
>
> DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Got an HttpClient object
> after 1 ms.
>
> DEBUG 2020-05-29T15:07:25,560 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Post method for
> '/cas/login'
>
> …..
>
> DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Retrieving cookies...
>
> DEBUG 2020-05-29T15:07:18,442 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Cookie '[version:
> 0]xxxxxxxxxx
>
> INFO 2020-05-29T15:07:18,448 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: FETCH LOGIN|
> https://other-site/cas/login|1590764838416+31|302|0|
> <https://other-site/cas/login%7C1590764838416+31%7C302%7C0%7C>
>
> DEBUG 2020-05-29T15:07:18,448 (Worker thread '11') -
> MCF|MCF-agent|apache.manifoldcf.connectors|WEB: Document '
> https://other-site/cas/login' did not match expected form, link,
> redirection, or content for sequence 'site'
>
> ….
>
>
>
> It seems that the redirection after the form POST is not considered by the
> job but I don’t know why. After that, there is an infinite loop where the
> cookie is passed on the GET “site/login” which redirects to
> “other-site/login”, but this time, when “other-site/login” get the cookie
> in the request, it does not send a 302 redirect response code but a 200 OK
>
>
>
> I don’t know why there is such behavior and I would be glad to have your
> advises !
>
>
>
> Thanks for your help
>
>
>
> Julien
>
>
>