Webauth IIS Known Problems: Difference between revisions
From RavenWiki
Jump to navigationJump to search
No edit summary |
m (Display URL in link to FAQ) |
||
Line 30: | Line 30: | ||
options to some other setting. | options to some other setting. | ||
</pre> | </pre> | ||
[https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/raven/raven-faqs/n7 | [1][https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/raven/raven-faqs/n7 https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/raven/raven-faqs/n7] |
Latest revision as of 14:51, 20 September 2019
2009-05-13 1) The Ucam WebAuth IIS module does not correctly escape '&' characters when constructing authentication request messages to send to Raven. This prevents Raven from correctly decoding the request message, with unpredictable results. This is only a problem if authentication is triggered in response to URLs containing '&' - typically URLs containing query parameters. Subsequent access to URLs containing '&' are unaffected. In practice this problem is rarely seen because in most cases authentication is first triggered by 'plain' URLs that don't include query parameters. The only obvious work around is to ensure that authentication is always established, by access to a 'plain' URL, before URLs containing queries are accessed. 2) If a user sets their login option (see [1]) to 'Do not login to Raven', either by default of for a particular session, then the Ucam WebAuth IIS module will authenticate the user for under a second before requiring them to log in to Raven again. Typical symptoms of this is that the page triggering authentication and some of its assets (images, style sheets, etc.) load OK but that other assets are missing, and that access to any other protected page requires a further Raven login. The only work around for this is to ask the user to set their login options to some other setting.
[1]https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/raven/raven-faqs/n7