You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Sa...@seagate.com on 2005/03/01 20:21:11 UTC
[users@httpd] WebDAV + Siteminder = Cookie Monster / (dilema with siteminder cookies)
Hello All,
I have a Apache 2.x server that uses Siteminder for authentication. The
authentication works fine for almost all web resources, except for WebDAV
access.
I have couple of directories that I need to make WebDAV accessible. If
these directories are protected by siteminder, my WebDAV client fails to
connect. I think this is happening because siteminder uses cookies to
manage authorization/authentication, and the WebDAV client does not
understand cookies.
Has anyone been able to enable WebDAV for Siteminder controlled resources?
Any ideas?
Here is the log from my webdav client (WebDrive 6.1
(http://www.webdrive.com))
03/01/05 10:54:44 694 [W:] NT Platform
03/01/05 10:54:44 694 [W:] Version 6.05 (build 1014)
03/01/05 10:54:44 694 [W:] Connecting to http://webdavserver.mydomain.tld/
...
03/01/05 10:54:44 694 [W:] OPTIONS / HTTP/1.1
03/01/05 10:54:45 694 [W:] Host: webdavserver.mydomain.tld
03/01/05 10:54:45 694 [W:] User-Agent: WebDrive/6.05 NT DAV
03/01/05 10:54:45 694 [W:] Translate: f
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] HTTP/1.1 401 Authorization Required
03/01/05 10:54:45 694 [W:] Date: Tue, 01 Mar 2005 18:56:32 GMT
03/01/05 10:54:45 694 [W:] Server: Apache/2.0.52 (Red Hat)
03/01/05 10:54:45 694 [W:] WWW-authenticate: basic realm="/
[10:56:32:1557]"
03/01/05 10:54:45 694 [W:] Set-Cookie: SMCHALLENGE=YES; path=/;
domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] Content-Length: 29
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Content-Type: text/html; charset=iso-8859-1
03/01/05 10:54:45 694 [W:] OPTIONS / HTTP/1.1
03/01/05 10:54:45 694 [W:] Host: webdavserver.mydomain.tld
03/01/05 10:54:45 694 [W:] User-Agent: WebDrive/6.05 NT DAV
03/01/05 10:54:45 694 [W:] Translate: f
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Content-Length: 0
03/01/05 10:54:45 694 [W:] Cookie: SMCHALLENGE=YES
03/01/05 10:54:45 694 [W:] Authorization: Basic MjI0NzA2OkZlbjBtZW5h
03/01/05 10:54:45 694 [W:] HTTP/1.1 200 OK
03/01/05 10:54:45 694 [W:] Date: Tue, 01 Mar 2005 18:56:32 GMT
03/01/05 10:54:45 694 [W:] Server: Apache/2.0.52 (Red Hat)
03/01/05 10:54:45 694 [W:] Set-Cookie: SMCHALLENGE=; expires=Thu, 02 Sep
2004 18:56:32 GMT; path=/; domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] Cookie time is 9/2/2004 18:56:32
03/01/05 10:54:45 694 [W:] Cookie has expired
03/01/05 10:54:45 694 [W:] Set-Cookie:
SMSESSION=uLf4rxlcxQojqpvVIrTjk+1Xj1/iosqEJPVR70jfrCKoPK9Re0jHgQvsmidHmX1MOOUKd2A4wJjkIzhpQDQbJ4UOjd3uRzwKBvAKUtLatS2+0K+lsw2LtyHUja3QUvZ9V/InRewvfrEft62i8Kwfc3Jqw04YQcgPE3ux0RbpV0I0Y817WhwVpdJHA9sKPb6whQL/9XL6YvHp7/xIe/2GDi6cubUhcWq74Utr5LKITSej+EuuoxwdMGylDmO7cLiZb7shRp6eCoj+XtMrBraWSocPfNrwj14TVgpv5Wt08TzL3nebTUj/6khM6QSsj86UAXaM3qUNOt+zJ0RQfooOPWC2Bbkzr/PUB2kewyTPIj0Hl+J3tkpaiNZ9w/A6zvSGc3Ry3p/irajythYQ6YgvJ9ZoO87Hqb3S+Vf39YIPCvIXf9Nx+G5dBZ0yR9cTQWzBuzHH9IMwMM6NTNulCfKxnUhN8i3VOonqljsBvvNvWUUAQpL8EIaOPE8IDi9BvyHk6yLvQqkeM37xPDSHZeSMMs917ZQIC+g0UhgUOzoTNFw+qfIXYDCGsBdDq74RLFHJjrr80//fgzlC/E/UTs1NS4ED13LBXkHkro/Zxu38SOJWuiPMVFLvoDecW5fxrJjc8Q3Yp8596IXx6s2UbZ4I2PFso8y76i4L3CKY2G6RLaveesVCLOxFme/KChkOXEzasxNHR71QWFLJmoi2ULL7GRiTnl5sd/vp1vL0j25xkrx1lFv7TJJeyn34q+t6uppl5rroa7VI9iNN4Z3ull5NbtMzj+wPiVecXd+Qkq/GthVtOY3XLrlTgFJa68JYrhqmTHb84pBBRla3cBzXCYx/KBvhJ07cpFJGQi036AWcWklHfL2Uu01I+LjEwl/9xKqFjKuXx6piBz9S/iiKDNcQW1ZCwB/eUlm+OE59zAHZexZXZYi9yVMorQ==;
path=/; domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] DAV: 1,2
03/01/05 10:54:45 694 [W:] DAV: <http://apache.org/dav/propset/fs/1>
03/01/05 10:54:45 694 [W:] MS-Author-Via: DAV
03/01/05 10:54:45 694 [W:] Allow:
OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK
03/01/05 10:54:45 694 [W:] Content-Length: 0
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Content-Type: httpd/unix-directory
03/01/05 10:54:45 694 [W:] PROPFIND / HTTP/1.1
03/01/05 10:54:45 694 [W:] Content-Type: text/xml
03/01/05 10:54:45 694 [W:] Depth: 0
03/01/05 10:54:45 694 [W:] Host: webdavserver.mydomain.tld
03/01/05 10:54:45 694 [W:] User-Agent: WebDrive/6.05 NT DAV
03/01/05 10:54:45 694 [W:] Translate: f
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Cookie:
SMSESSION=uLf4rxlcxQojqpvVIrTjk+1Xj1/iosqEJPVR70jfrCKoPK9Re0jHgQvsmidHmX1MOOUKd2A4wJjkIzhpQDQbJ4UOjd3uRzwKBvAKUtLatS2+0K+lsw2LtyHUja3QUvZ9V/InRewvfrEft62i8Kwfc3Jqw04YQcgPE3ux0RbpV0I0Y817WhwVpdJHA9sKPb6whQL/9XL6YvHp7/xIe/2GDi6cubUhcWq74Utr5LKITSej+EuuoxwdMGylDmO7cLiZb7shRp6eCoj+XtMrBraWSocPfNrwj14TVgpv5Wt08TzL3nebTUj/6khM6QSsj86UAXaM3qUNOt+zJ0RQfooOPWC2Bbkzr/PUB2kewyTPIj0Hl+J3tkpaiNZ9w/A6zvSGc3Ry3p/irajythYQ6YgvJ9ZoO87Hqb3S+Vf39YIPCvIXf9Nx+G5dBZ0yR9cTQWzBuzHH9IMwMM6NTNulCfKxnUhN8i3VOonqljsBvvNvWUUAQpL8EIaOPE8IDi9BvyHk6yLvQqkeM37xPDSHZeSMMs917ZQIC+g0UhgUOzoTNFw+qfIXYDCGsBdDq74RLFHJjrr80//fgzlC/E/UTs1NS4ED13LBXkHkro/Zxu38SOJWuiPMVFLvoDecW5fxrJjc8Q3Yp8596IXx6s2UbZ4I2PFso8y76i4L3CKY2G6RLaveesVCLOxFme/KChkOXEzasxNHR71QWFLJmoi2ULL7GRiTnl5sd/vp1vL0j25xkrx1lFv7TJJeyn34q+t6uppl5rroa7VI9iNN4Z3ull5NbtMzj+wPiVecXd+Qkq/GthVtOY3XLrlTgFJa68JYrhqmTHb84pBBRla3cBzXCYx/KBvhJ07cpFJGQi036AWcWklHfL2Uu01I+LjEwl/9xKqFjKuXx6piBz9S/iiKDNcQW1ZCwB/eUlm+OE59zAHZexZXZYi9yVMorQ==
03/01/05 10:54:45 694 [W:] Authorization: Basic MjI0NzA2OkZlbjBtZW5h
03/01/05 10:54:45 694 [W:] HTTP/1.1 401 Authorization Required
03/01/05 10:54:45 694 [W:] Date: Tue, 01 Mar 2005 18:56:33 GMT
03/01/05 10:54:45 694 [W:] Server: Apache/2.0.52 (Red Hat)
03/01/05 10:54:45 694 [W:] WWW-authenticate: basic realm="/
[10:56:33:3459]"
03/01/05 10:54:45 694 [W:] Set-Cookie: SMCHALLENGE=YES; path=/;
domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] Content-Length: 29
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Content-Type: text/html; charset=iso-8859-1
03/01/05 10:54:45 694 [W:] PROPFIND / HTTP/1.1
03/01/05 10:54:45 694 [W:] Content-Type: text/xml
03/01/05 10:54:45 694 [W:] Depth: 0
03/01/05 10:54:45 694 [W:] Host: webdavserver.mydomain.tld
03/01/05 10:54:45 694 [W:] User-Agent: WebDrive/6.05 NT DAV
03/01/05 10:54:45 694 [W:] Translate: f
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Content-length: 116
03/01/05 10:54:45 694 [W:] Cookie:
SMSESSION=uLf4rxlcxQojqpvVIrTjk+1Xj1/iosqEJPVR70jfrCKoPK9Re0jHgQvsmidHmX1MOOUKd2A4wJjkIzhpQDQbJ4UOjd3uRzwKBvAKUtLatS2+0K+lsw2LtyHUja3QUvZ9V/InRewvfrEft62i8Kwfc3Jqw04YQcgPE3ux0RbpV0I0Y817WhwVpdJHA9sKPb6whQL/9XL6YvHp7/xIe/2GDi6cubUhcWq74Utr5LKITSej+EuuoxwdMGylDmO7cLiZb7shRp6eCoj+XtMrBraWSocPfNrwj14TVgpv5Wt08TzL3nebTUj/6khM6QSsj86UAXaM3qUNOt+zJ0RQfooOPWC2Bbkzr/PUB2kewyTPIj0Hl+J3tkpaiNZ9w/A6zvSGc3Ry3p/irajythYQ6YgvJ9ZoO87Hqb3S+Vf39YIPCvIXf9Nx+G5dBZ0yR9cTQWzBuzHH9IMwMM6NTNulCfKxnUhN8i3VOonqljsBvvNvWUUAQpL8EIaOPE8IDi9BvyHk6yLvQqkeM37xPDSHZeSMMs917ZQIC+g0UhgUOzoTNFw+qfIXYDCGsBdDq74RLFHJjrr80//fgzlC/E/UTs1NS4ED13LBXkHkro/Zxu38SOJWuiPMVFLvoDecW5fxrJjc8Q3Yp8596IXx6s2UbZ4I2PFso8y76i4L3CKY2G6RLaveesVCLOxFme/KChkOXEzasxNHR71QWFLJmoi2ULL7GRiTnl5sd/vp1vL0j25xkrx1lFv7TJJeyn34q+t6uppl5rroa7VI9iNN4Z3ull5NbtMzj+wPiVecXd+Qkq/GthVtOY3XLrlTgFJa68JYrhqmTHb84pBBRla3cBzXCYx/KBvhJ07cpFJGQi036AWcWklHfL2Uu01I+LjEwl/9xKqFjKuXx6piBz9S/iiKDNcQW1ZCwB/eUlm+OE59zAHZexZXZYi9yVMorQ==;
SMCHALLENGE=YES
03/01/05 10:54:45 694 [W:] Authorization: Basic MjI0NzA2OkZlbjBtZW5h
03/01/05 10:54:45 694 [W:] HTTP/1.1 401 Authorization Required
03/01/05 10:54:45 694 [W:] Date: Tue, 01 Mar 2005 18:56:33 GMT
03/01/05 10:54:45 694 [W:] Server: Apache/2.0.52 (Red Hat)
03/01/05 10:54:45 694 [W:] Set-Cookie: SMCHALLENGE=; expires=Thu, 02 Sep
2004 18:56:33 GMT; path=/; domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] Cookie time is 9/2/2004 18:56:33
03/01/05 10:54:45 694 [W:] Cookie has expired
03/01/05 10:54:45 694 [W:] Set-Cookie:
SMSESSION=Leg4ktO4JfFToiA0QjMmwumjNIcbycJS9vG6v9e/NHFm7P5SCeffELDZjK1qfLENx8NFEcPeY1jgH4+8tcU11VMxMUkssGFubv/AtMsnoa1T8Kb9dEmxLeEPSrkzzRNlTXPwAo/UDkojcG95EbXZDPrsazCfkuwjHMkOATT9ZFxGpHsbVH5I1gvwUyqSsZvzsXmjRkVy4R4OqaceNVsqBTWTlwhwtg+KC5EhbQfUFCX4idJIgwid49pELdAnIrBLONMv4nkkGWCQGZ4FzfWvfKRiVq9k4iT89lo+cQu0nRNPDYjZKrYlGjzV1MI0aK919SguuCq7kwhr3viBfLcX9kEB3QammvfzTJCWHuUSCZaeZLXlAZVHa8IYzxNZxjaXk/LU62wmJIp+ndBYdP28X5CxWowqNLaaVzZF50hGEf1wmqiv/AC7aE7Gq3yBP171x6l2triO6bu8DikMTpL7mBMmVJukNP2h5ptlpUnuKaKwWPVeHlwCGRlx2Cb+Uylw3MdlVFe27iBFeWZfWftJVJKifpQcUrru1aI2jTLbWQBV9HoVnYYYFmiDKo8LgLYCW9snNdlYRp5X9mSFH1nGsEoP7RQCPdZwQNb+N4QO0tF7H8C2jFxWWIgZ9bCOWQf1ZTLkFhFZPgAyvLboTmOBpYjcuoMnHkQkrsSpPLIM0V5ILhkpEj9XCJxuyB7TL6SXmyiB9tGsLlPKFTcdiqpTpJCtKcKm+R2PL5CF0K6dJ8WNhwXT3rLSvcvprrW/XGh99w3vfGa4zEhORrfLBILY9Jfa19zcBXQHMS1GU83xK66VAHezcVFxH5koHZ/EG+Zx21EkPhe5Mp9tINqDCWQIfYmeDcqZIMe1fUnjteZpkndcSEKsgnZ77TuYNIcrwIj1OynPtkNTi0JuHV3eWsVgfwLiLTiov+MMEy5CkbC/YZCAJv3FuskPP2ma+JDAunb8;
path=/; domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] WWW-authenticate: basic realm="/
[10:56:33:3617]"
03/01/05 10:54:45 694 [W:] Set-Cookie: SMCHALLENGE=YES; path=/;
domain=.mydomain.tld
03/01/05 10:54:45 694 [W:] Content-Length: 29
03/01/05 10:54:45 694 [W:] Connection: close
03/01/05 10:54:45 694 [W:] Content-Type: text/html; charset=iso-8859-1
03/01/05 10:54:45 694 [W:] Authentication failed
03/01/05 10:54:45 694 [W:] Can't connect to WebDAV server at
http://webdavserver.mydomain.tld/, Authentication failed
Thanks.
Saqib Ali
http://validate.sf.net
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] WebDAV + Siteminder = Cookie Monster / (dilema with siteminder cookies)
Posted by Joe Orton <jo...@redhat.com>.
On Tue, Mar 01, 2005 at 11:21:11AM -0800, Saqib.N.Ali@seagate.com wrote:
> I have a Apache 2.x server that uses Siteminder for authentication. The
> authentication works fine for almost all web resources, except for WebDAV
> access.
>
> I have couple of directories that I need to make WebDAV accessible. If
> these directories are protected by siteminder, my WebDAV client fails to
> connect. I think this is happening because siteminder uses cookies to
> manage authorization/authentication, and the WebDAV client does not
> understand cookies.
Hi again - DAV clients are not required to implement cookie support, and
many don't do so; so using authentication based on cookies won't work in
general for DAV.
joe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org