Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

failed: data is incorrectly formatted (2)

YANG Cheng Fu youngseph at gmail.com
Wed Apr 17 11:07:20 PDT 2013


Hello Russ,

the host is not in any load-balanced pool !

--
Yang
Orange Key: 35745318S1


On Wed, Apr 17, 2013 at 1:55 PM, Russ Allbery
<eagle at windlord.stanford.edu>wrote:

> YANG Cheng Fu <youngseph at gmail.com> writes:
>
> > Hello Russ,
>
> > thanks, the version I use is 4.3.2, in fact it happens in loop, it never
> > stop on webauth host !
>
> Is this system part of a load-balanced pool?
>
> Basically, what's happening is that the authentication is completing, the
> web server is successfully parsing the id token from the WebLogin server
> and authenticating the user, and then it's setting an app token as a
> cookie and doing a final redirect to clean up the URL
> (WebAuthExtraRedirect, which defaults to true).  After that redirect, it's
> trying to parse the token out of the cookie again, but the token is
> invalid.
>
> The most common reason for this is that the host is part of a
> load-balanced pool (multiple web servers serving the same URL) and their
> WebAuth keyring is not synchronized between the systems.  On the redirect,
> the browser goes to a different member of the pool, and that server fails
> to decode the cookie because it doesn't have the key to decrypt it.
>
> Other possibilities include something in the browser or in some
> intermediate proxy truncating or corrupting the cookie.
>
> --
> Russ Allbery <eagle at windlord.stanford.edu>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20130417/ccb8da8b/attachment.html>


More information about the webauth-info mailing list