IDP doesn't work on the .org domain #3
Labels
No Label
art
big
blocked
bug
crash report
disputed
documentation
duplicate
feature request
good first issue
packaging
question
security
wontfix
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Projects/nettsiden#3
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I get the error message:
It would be nice if you logged in on one domain, you'd stay logged in on the other as well
(cross-domain session cookie?)
We don't have a certificate for .org, so I'd recommend limiting logging in to the other domain.
I ended up "fixing" this one when takin the site live. All access to .org is forwarded to .ntnu.no by lighttpd. There was an issue with http aswell, which was "fixed" by having lighttpd forward the client to https
See the mailing list, you should not automatically forward http to https, stuff breaks.
I've change the baseurlpath in simplesaml to use https when logging in instead, but i'd like to have the connection elevated to https when logging in, and force the session token to only be sent when the connection is secure, but this should do for now.
I've made the .org domain being forwarded to .ntnu.no when the path doesn't start with /~ (userpages).
The session cookie is only set on the .ntnu.no domain, probably due to the login url being set to that domain. This seems to have been the old solution on the old setup as well.
My previous fix for http/https (mailinglist) also fixed the cookie problem, so I removed the redirect.