When logging in with https, redirects to ipsilon, logging in and redirecting back work correctly. However, when using http, after logging in ipsilon we encounter infinite redirects on the server side. It would be nice if it worked the same (maybe a default redirect to https if possible, or simply being able to "arrive" to login page from http page)
Hi, thanks for the report.
I think that you might have configured mod_auth_mellon or your client application to send the session cookies with the "secure" flag.
That means that the client will not send the cookie, upon which mod_auth_mellon sees the user about not being logged in, meaning they will start the login process again.
Are you using mod_auth_mellon (ipsilon-client-install uses this), or something else?
owner: => puiterwijk
status: new => accepted
Note that the configuration option for this in mod_auth_mellon is MellonsecureCookie.
Ipsilon sets this by default to "On", but you can set to "Off" to disable this flag.
If you do this, you will need to also disable "NSSRequireSSL" and/or "SSLRequireSSL" in that same file, or you will end up getting a 403 access denied.
I personally think this ticket will be resolved with the suggested fixes on the client side with cookie configuration.
resolution: => fixed
status: accepted => closed
Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
to comment on this ticket.