#foswiki 2017-01-05,Thu

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***ChanServ sets mode: +o cdot [08:07]
................................ (idle for 2h37mn)
ChanServ sets mode: +o Lynnwood [10:44]
ChanServ sets mode: +o Lynnwood__ [10:51]
....... (idle for 34mn)
ChanServ sets mode: +o MichaelDaum [11:25]
....... (idle for 30mn)
sahilsinha has quit IRC (*.net *.split) [11:55]
.......... (idle for 47mn)
MichaelDaumthe blog is still down. this wasn
't a dns problem
[12:42]
jastanything else would have surprised me [12:55]
***ChanServ sets mode: +o cdot [13:05]
MichaelDaumsomebody has been tinkering with it and now it is haywire [13:05]
jastthe message reads like the database server crashed at some point [13:05]
MichaelDaumwho knows
bit disappointing that we aren't able to resolve the situation
i.e. get back our content
[13:05]
............ (idle for 56mn)
***ChanServ sets mode: +o gac410 [14:02]
...................... (idle for 1h47mn)
gac410cdot MichaelDaum_ Someone edited Extensons JsonReport and BuildContirb. I reverted JsonReport but no time to check things out ... off to Dr. Someone please check this out.
We probably ought to protect JsonReport
It was a newly registered user.
[15:49]
MichaelDaumgac410, I've removed the changes and protected it [15:49]
fsfsgac410: the unit tests are run for master and Release02x01, I used to do Release02x00 but changed that sometime in December [15:50]
............. (idle for 1h3mn)
gac410thanks fsfs, MichaelDaum ... [16:53]
MichaelDaumI thought so too.
gotta head out now. one last thing: what do we do with our blog? this is getting ridiculous.
[17:07]
.............................................. (idle for 3h49mn)
foswiki_irc4@gac410 hello Mr. Clark, I still have a problem with the login ,
on my foswiki . it redirects with foswiki redirect cache
login to login page
[20:56]
gac410hi foswiki_irc4 unfortunately I really don't have any idea. You are accessing from behind a proxy iirc?
(no need for the Mr. Clark. george is fine.
So your topology is fw server ------(http)----- proxy server -----(https)------ client? Is that correct
[20:58]
foswiki_irc4https proxy authentication server --- https reverse proxy server ---- https wiki actual [21:00]
gac410So two proxies? [21:01]
foswiki_irc4yeah there are 2
i found a post you worked on back in 2009-2010 about this issue , but i am running foswiki 2.1.2 , apache 2.2
related to : foswiki_redirect_cache=
[21:01]
gac410You're well over my head here unfortunately. [21:04]
foswiki_irc4user gets logged in but is redirected back to the login page, but when the user presses back button it goes into WebHome
I was wondering if there was a way to force a correct page redirect after login authentication
[21:04]
gac410Once they are beyond the login mess, is it working correctly for view / edit ... etc. [21:04]
foswiki_irc4yes after logging in twice or pressing back everything works fine
https://examplewiki.com/wiki >>>user inputs username/password correctly >> url redirects to https://examplewiki.com/wiki/bin/login/Main/WebHome?foswiki_redirect_cache=8e635f1a2e5311f6b54dab308bf58f0f
the redirect cache page goes back to the login script page and it seems to have already authenticated the user but presents a login page again instead of the webhome
after https://examplewiki.com/wiki/bin/login/Main/WebHome?foswiki_redirect_cache=8e635f1a2e5311f6b54dab308bf58f0f , user inputs username/password correctly again, and then it redirects correctly to bin/view
[21:05]
gac410examplewiki.com ... that's the hostname the resolves to the reverse proxy? The auth proxy is a forward proxy configured as the clients web proxy??? [21:09]
foswiki_irc4yes so the host proxy never shows and the reverse proxy is hidden
i am also using short urls, would a rewrite rule cause this login loop?
[21:10]
gac410foswiki_irc4: I have no idea. i'm still trying to understand the forward & reverse proxy configuration. [21:14]
foswiki_irc4ok um..
( authentication) points to (wiki) , (reverse proxy) points to (wiki) , (wiki) points to no one but accepts connection only from the 2.
reverse proxy has postgresadmin ACL
authentication has OCSP
wiki has .htpasswd, login template
i dont know if that helps
i think my issue relates to : https://foswiki.org/Tasks/Item2083
but i am not quite sure
[21:15]
gac410There is a fairly deep discussion on this on https://foswiki.org/Development/FoswikiRedirectCache
I was involved in it a bit but tbh, I've forgotten that I was even involved, never mind *what* was actually done.
[21:26]
foswiki_irc4ooh ok np!
could you help me with a work around
such as force redirect after the login passes?
[21:27]
gac410I have absolutely no idea.
At the bottom of that topic I just reference, is a discussion of a flow that may have a problem. I have no idea if this is related.
Without building your network and testing / tracing it, we probably need that level of step-by-step descript of the flow, along with where it goes wrong.
[21:28]
foswiki_irc4well the proxy is passing everything fine ... i do have some errors [21:32]
gac410Wrong time of day to try to enlist cdot - who was also involved. He's in Europe, so probably home / sleeping [21:32]
foswiki_irc4SESSION 5d6c0245e31c614bc894410fd60a56aa(c): Setting internal preference VALIDATION to 1, referer: https://examplewiki)/wiki/bin/view/System/WebPreferences
oh i see
do you know why session , i am guessing cookies, are in my ssl_error logs?
is there a foswiki session setting that I forgot to tune?
[21:32]
gac410$Foswiki::cfg{Trace}{LoginManager} - config setting is enabled - that traces the internals of the LoginManager [21:35]
foswiki_irc4i think i might be close. I think it might be the login template
i took login and logon out of the authscript
and it seems to work but the starting page is bin/view
user would have to click on [log in]
[21:40]
gac410That's normal. You only are forced to login if the page is protected.
Ah ha. login and logout are not supposed to be in the auth scripts.
If you are logged out, and visit a page that requires login (ie a page with a DENY for WikiGuest), *then* you redirect to login , and will return to bin/view after login is complete.
With login in auth scripts, login redirects to login to get authenticated, and then returns to login when complete.
[21:42]
foswiki_irc4ah i see
so i should find out if my initial page at Main/WebHome
is DENY for wiki guest?
[21:45]
gac410If you want to require all access to be logged in, you can set DENYWEBVIEW = WikiGuest ... in Main.WebPreferences.
But that might restrict registration.
[21:47]
foswiki_irc4the way we have it set up is bulk registration and only email initiation through wikiadmin
users cannot initiate the registration process
[21:49]
gac410ah.. okay. [21:50]
foswiki_irc4will it affect the bulk password reset function? [21:50]
gac410Anyway, making login redirect for purposes of login probably isn' t what you want.
No. bulk reset will send an email with a new password to a user who can then log in.
[21:50]
foswiki_irc4ok let me try the denywebview [21:51]
gac410gac410 remembers that he was working on rewriting the bulk reset stuff. and has it all stashed out in git somewhere.
You can deny a single topic to test. Deny web for more global behavior.
we don't have any higher level ... to deny all webs. Need to restrict that on web by web.
[21:51]
foswiki_irc4ah i lock myself out [21:54]
gac410yikes. that's not good
if you login as the 'admin' user, that bypasses all ACL checking.
[21:54]
foswiki_irc4ah ok i got it thanks
eh now im in a login loop
401 error
[21:56]
gac410hm Your credentials are not working? [22:01]
foswiki_irc4ah i was putting in https://examplewiki.com/wiki instead of /wiki/
my proxy server has /wiki/ set up for pgadmin
but the proxypass setting is /wiki
maybe if i put a trailing
[22:02]
.... (idle for 15mn)
ok nvm doesnt have an effect [22:18]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)