Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Problems with ProxyConnect (not authenticating)
I have a custom application at:
https://sis.--TEST--.org.l/myols/
I've installed Vanilla 2.0.16 at:
https://sis.--TEST--.org.l/myols/forums/vanilla/
I've installed Vanilla Proxyconnect 1.8.4, set it as the authentication method, and edited the file per this report http://wwww.vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems/p1
/myols/forums/vanilla/library/core/functions.general.php
I've setup my custom integration file:
https://sis.--TEST--.org.l/myols/forums/vanauth.php
This file returns a blank page if a user is not authenticated with my custom app. And content like this for an authenticated user:
My test process is this:
1. Log out of vanilla forum, and custom app
2. Delete all cookies in browser
3. Visit the Forum, and I'm not signed in
4. Click the "Sign In" link, get forwarded to my application login page, login to my application as the user shown above (23)
5. Visit the Forum, and it does not show me signed in, should I see a dialog box prompting me to create an account?
6. Check the vanauth.php page and it lists the right details
7. Repeat the steps above, but logging in as a a different user, same problem
Suspected problem possibilities:
- HTTPS
- HTTPS with a self signed cert
- Cookies: (see image http://dl.dropbox.com/u/500242/Screen shot 2010-12-15 at 10.02.23 AM.png)
.--TEST--.org.l Vanilla /
.--TEST--.org.l Vanilla-Volatile /
sis.--TEST--.org.l PHPSESSID /
DETAILS:
PHP Version 5.3.0
System Darwin fuxi.local 10.5.0 Darwin Kernel Version 10.5.0: Fri Nov 5 23:20:39 PDT 2010; root:xnu-1504.9.17~1/RELEASE_I386 i386
Apache Version Apache/2.2.12 (Unix) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0
https://sis.--TEST--.org.l/myols/
I've installed Vanilla 2.0.16 at:
https://sis.--TEST--.org.l/myols/forums/vanilla/
I've installed Vanilla Proxyconnect 1.8.4, set it as the authentication method, and edited the file per this report http://wwww.vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems/p1
/myols/forums/vanilla/library/core/functions.general.php
from 1254 if (!$Success)
to 1254 if ($Success)I've setup my custom integration file:
https://sis.--TEST--.org.l/myols/forums/vanauth.php
This file returns a blank page if a user is not authenticated with my custom app. And content like this for an authenticated user:
UniqueID=23
Name=Jeremy Anderson
Email=sistest23@test.orgMy test process is this:
1. Log out of vanilla forum, and custom app
2. Delete all cookies in browser
3. Visit the Forum, and I'm not signed in
4. Click the "Sign In" link, get forwarded to my application login page, login to my application as the user shown above (23)
5. Visit the Forum, and it does not show me signed in, should I see a dialog box prompting me to create an account?
6. Check the vanauth.php page and it lists the right details
7. Repeat the steps above, but logging in as a a different user, same problem
Suspected problem possibilities:
- HTTPS
- HTTPS with a self signed cert
- Cookies: (see image http://dl.dropbox.com/u/500242/Screen shot 2010-12-15 at 10.02.23 AM.png)
){kind=link}
.--TEST--.org.l Vanilla /
.--TEST--.org.l Vanilla-Volatile /
sis.--TEST--.org.l PHPSESSID /
DETAILS:
PHP Version 5.3.0
System Darwin fuxi.local 10.5.0 Darwin Kernel Version 10.5.0: Fri Nov 5 23:20:39 PDT 2010; root:xnu-1504.9.17~1/RELEASE_I386 i386
Apache Version Apache/2.2.12 (Unix) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0
Tagged:
1
Comments
my webserver responds to this with "Bad request".
Check your Apache access.log. If you see lines like:"\x16\x03\x01" 200 5418 then it is most definately an SSL issue. Run a phpinfo(); locally and check that cURL is compiled with the same version of OpenSSL!
I had the same problem when using a self-signed SSL cert in my dev environment. It works fine in prod, where I'm using a Comodo-issued SSL cert.