Search Mailing List Archives
failed: data is incorrectly formatted (2)
YANG Cheng Fu
youngseph at gmail.com
Wed Apr 17 11:07:20 PDT 2013
the host is not in any load-balanced pool !
Orange Key: 35745318S1
On Wed, Apr 17, 2013 at 1:55 PM, Russ Allbery
<eagle at windlord.stanford.edu>wrote:
> YANG Cheng Fu <youngseph at gmail.com> writes:
> > Hello Russ,
> > thanks, the version I use is 4.3.2, in fact it happens in loop, it never
> > stop on webauth host !
> Is this system part of a load-balanced pool?
> Basically, what's happening is that the authentication is completing, the
> web server is successfully parsing the id token from the WebLogin server
> and authenticating the user, and then it's setting an app token as a
> cookie and doing a final redirect to clean up the URL
> (WebAuthExtraRedirect, which defaults to true). After that redirect, it's
> trying to parse the token out of the cookie again, but the token is
> The most common reason for this is that the host is part of a
> load-balanced pool (multiple web servers serving the same URL) and their
> WebAuth keyring is not synchronized between the systems. On the redirect,
> the browser goes to a different member of the pool, and that server fails
> to decode the cookie because it doesn't have the key to decrypt it.
> Other possibilities include something in the browser or in some
> intermediate proxy truncating or corrupting the cookie.
> Russ Allbery <eagle at windlord.stanford.edu>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webauth-info