www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Foust, Adam G." <agfo...@tva.gov>
Subject RE: Siteminder/mod_proxy issues
Date Wed, 28 Aug 2002 17:30:24 GMT
We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder. I have
not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61
with the QMR4 apache webagent. I've observed some strange URL rewriting
issues involved with multi-domain sign-on and using cookie providers, but
nothing that can't be worked around.

Our setup is basically apache reverse-proxies (mod_proxy) behind F5
load-balancers. The reverse-proxies chain through intermediate firewalls
through another (forward) mod_proxy to backend DMZ servers.

I have been tracing HTTP headers and have not yet seen the behavior you
describe. Are you running SiteMinder 5.0?

-----Original Message-----
From: Martijn Schoemaker [mailto:martijn@osp.nl] 
Sent: Wednesday, August 28, 2002 11:39 AM
To: modproxy-dev@apache.org
Subject: Siteminder/mod_proxy issues

Hi all,

I have the strangest results in an environment we use
at a customer.

We have an apache-server with mod_proxy on one node,
which forwards it's requests to another apache-server
with mod_proxy AND mod_sm from siteminder Netegrity.

Both apache servers are 1.3.26, pached with my previously
posted 'full reverse proxy' path, a siteminder patch (which
cannot be applied because the change seems to be in
standard 1.3.26 anyway) and a patch which removes spurious
line-feeds/carriage returns in the headers.

The strange thing is that some redirects from the application
(behind the 2nd proxy) work fine, others work only on IE6
browsers, others crash with a 'DNS error', and all netscapes
seem to display the redirect page without actually performing
the redirect.

The only strange thing I see in the sniffer logs (the redirects
are fine, no additional cr/lf's, no other strange things) is
that the siteminder cookies are set twice.

I afiak the duplication happens on the second proxy but I
cannot imagine why. Either there is a problem with the
mod_sm making it add the cookies and not replace if they
exist, or the mod_proxy duplicates the Set-Cookie headers.

I am completely baffled by this issue, and I don't have much
hair left on my head ;)

My question to y'all is :

1. Has anybody got this same config (using siteminder) ?
2. Does anybody know why the netscape browser does not
   perform the redirect, except when I press 'reload' ?
3. Has anybody got a hint as to why Set-Cookie headers
   might be duplicated ?

Thanks in advance,
Martijn Schoemaker

P.S.: Since this infrastucture is SSL on the front, and since
      browsers nowadays don't support 'view response as-is'
      anymore (let alone seeing the headers :() I do not have
      the actual document 'seen' by the browser.

You have reached the end of the message.
Press [t] to go to the top of this message, or [c] to close it.

View raw message