Troubleshooting
From cosign wiki
(→Cosign 3 filter validation URL returns "401 Not authorized") |
(→Cosign 3 filter validation URL returns "401 Not authorized") |
||
| Line 18: | Line 18: | ||
stanza for the web site. Removing this directive solved the problem. | stanza for the web site. Removing this directive solved the problem. | ||
| - | A better solution that preserves stronger security for the rest of the site to keep the above directive and instead use the following configuration for the cosign URL valdiation handler: | + | A better solution that preserves stronger security for the rest of the site is to keep the above directive and instead use the following configuration for the cosign URL valdiation handler: |
<pre> | <pre> | ||
Revision as of 16:51, 6 April 2009
Contents |
General
Apache filter
Cosign 3 filter validation URL returns "401 Not authorized"
The user authentications OK, but when being redirected back to the validation URL, they get a "401 Not authorized" error in their web browser and something similar to this appears in the web server error log:
[Mon Apr 06 16:13:40 2009] [error] [client 141.213.234.243] access to /cosign/valid failed, reason: verification of user id '<null>' not configured, referer: https://weblogin-test.itcs.umich.edu/ ?cosign-request-test.itcs&https://request-test.itcs.umich.edu/
The problem turned out to be a "require valid-user" directive in the <Directory />
stanza for the web site. Removing this directive solved the problem.
A better solution that preserves stronger security for the rest of the site is to keep the above directive and instead use the following configuration for the cosign URL valdiation handler:
<Location /cosign/valid>
SetHandler cosign
CosignProtected Off
Allow from all
Satisfy any
</Location>
IISCosign filter
If the IISCosign filter encounters an error, it will attempt to disable the web server. It does this by processing all requests with the response "The server is currently disabled."
Errors will be placed in the Event Viewer under the Application Log and be labeled "Cosign".
Possible Event Viewer Application Log Messages
- Could not load the cosign config file c:\path\to\cosign.dll.config
The name of the config file is probably misspelled. Either change the file name or change the value in the Registry for HKEY_LOCAL_MACHINE\SOFTWARE\University of Michigan\ITCS\Cosign\ConfigFile.
- Connection pool is busy. Perhaps the current size is too low? This value can be changed in the cosign.dll.config file.
Congratulations! You have a very popular web service! In order to improve throughput of web pages, the size of the connection pool should be increased.
- SideBySide
Event Type: Error Event Source: SideBySide Event Category: None Event ID: 59 Date: 7/21/2008 Time: 4:54:17 PM User: N/A Computer: SERVER_NAME Description: Generate Activation Context failed for C:\path\to\cosign.dll. Reference error message: The referenced assembly is not installed on your system.
There are several versions of the Visual C++ run-time DLLs. To make sure the version needed by IISCosign installed, run the Visual C++ 2005 SP1 Redistributable Package
- IISCosign does not have permission to access something. Please see the readme.txt file for information about setting file permissions for IISCosign. Here is what caused the error: [some error code]
Permissions for accessing various parts of the file system are not set.
