Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
ProxyConnect... So close... Can't login as more than one user
I am trying to get the ProxyConnect plugin to work, and surprisingly it was extremely easy to setup and integrate into my existing application. I am having some really odd behavior with it and I am curious if anybody else has run into this and has a solution.
When I first go to sign in to vanilla (http://localhost/vanilla) it correctly links me to my web application which is at http://localhost/ Then after I authenticate and become logged into my web application (it is running SpringSource in java) I go back to vanilla and it logs me in correctly as the user name I supply to the service on the backend (I am using a RESTful service to generate the required fields (UniqueID, Name and Email). So far everything is looking great!
Here's my troubles, I now log out of vanilla and my web application, then I manually delete all of my cookies. Now when I log in again with a DIFFERENT USER and visit the vanilla portion of my site, I can see on the back end where Vanilla is asking for the credentials and my application is supplying the correct values with the different user name and unique id and email. (so I logged in the first time with User1 and then the second time with User2). But when I am in vanilla it has me logged in again as the first user (User1) which is very odd.
Here is an overview:
1. Log in with User1
2. visit vanilla and I am successfully logged in as User1 (YAY!)
3. Log out, delete all cookies by clearing the cache and cookies
4. visit vanilla again and confirm that I am logged out
5. login again but this time as User2
6. visit vanilla again but I am logged in again as User1
Has anyone run into this error before? There has to be a cache or some sort of mechanism which is persisting my username but I can't figure it out. Am I set up incorrectly? Do I need a Domain (which I did not set on the proxyconnect plugin page)?
Here are my stats on the System that I am using:
1. url: http://localhost
2. webserver: apache2 with tomcat running on the backend for my servlets
3. servlet: Tomcat 7 (this should not matter I everything appears to vanilla that I am just running in Apache2)
4. OS: Ubuntu Linux
5. DB: MySQL 5.x
6. ProxyConnect version: 1.8.4
7. Vanilla version: I have tried 2.0.11, 2.0.6 and the latest download
Again the credentials are being passed correctly (I can see this on the debug screen of my servlet) and Vanilla is asking for the credentials at the appropriate times. This is a really cool feature and I really love the work you have done with vanilla, It kicks ass.
When I first go to sign in to vanilla (http://localhost/vanilla) it correctly links me to my web application which is at http://localhost/ Then after I authenticate and become logged into my web application (it is running SpringSource in java) I go back to vanilla and it logs me in correctly as the user name I supply to the service on the backend (I am using a RESTful service to generate the required fields (UniqueID, Name and Email). So far everything is looking great!
Here's my troubles, I now log out of vanilla and my web application, then I manually delete all of my cookies. Now when I log in again with a DIFFERENT USER and visit the vanilla portion of my site, I can see on the back end where Vanilla is asking for the credentials and my application is supplying the correct values with the different user name and unique id and email. (so I logged in the first time with User1 and then the second time with User2). But when I am in vanilla it has me logged in again as the first user (User1) which is very odd.
Here is an overview:
1. Log in with User1
2. visit vanilla and I am successfully logged in as User1 (YAY!)
3. Log out, delete all cookies by clearing the cache and cookies
4. visit vanilla again and confirm that I am logged out
5. login again but this time as User2
6. visit vanilla again but I am logged in again as User1
Has anyone run into this error before? There has to be a cache or some sort of mechanism which is persisting my username but I can't figure it out. Am I set up incorrectly? Do I need a Domain (which I did not set on the proxyconnect plugin page)?
Here are my stats on the System that I am using:
1. url: http://localhost
2. webserver: apache2 with tomcat running on the backend for my servlets
3. servlet: Tomcat 7 (this should not matter I everything appears to vanilla that I am just running in Apache2)
4. OS: Ubuntu Linux
5. DB: MySQL 5.x
6. ProxyConnect version: 1.8.4
7. Vanilla version: I have tried 2.0.11, 2.0.6 and the latest download
Again the credentials are being passed correctly (I can see this on the debug screen of my servlet) and Vanilla is asking for the credentials at the appropriate times. This is a really cool feature and I really love the work you have done with vanilla, It kicks ass.
1
Comments
http://vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems
The fix where he says to change if(!$Success) to if($Success)
And more importantly (I think) I changed my response to add in a few extra new line characters and spaces to my response to the authentication url as Larry K said "The bug causes the first 4 characters of the SSO response to be discarded"
So now my response to the authentication is:
" "
""
""
""
"UniqueID=69"
"Name=User1"
"Email=...."
Instead of:
"UniqueID=69"
"Name=User1"
"Email=...."
Thanks to your awesome forums and forum software I'm going to have a sweet website!
Mahalo,
Dustin