Hi there,
we have a strange problem with Domino SSO on Linux.
We use SSO between Tomcat 6.5 and Domino 8.5.1, and if you look at the bottom of the SSO log,
when Domino tries to decode the cookie it fails because there is an apostrophe in the cookie.
- at 03:14:37.87 PM you see it handles the correct cookie in base64-encoded form
The correct base64 encoded cookie: AAECAzRCODI3MkIzNEI4Mjc5QkJDTj1BRE1OLTdZSkZQOC9PPWxham9zbWl6c2V+Oq+PZZdS9pEZLZMvF/ZDge/oaA==
- at 03:14:37.90 PM it tries to decode it but it fails because of the apostrophe in the cookie
The wrong base64 encoded cookie that Domino tries to decode: “AAECAzRCODI3MkIzNEI4Mjc5QkJDTj1BRE1OLTdZSkZQOC9PPWxham9zbWl6c2V+Oq+PZZdS9pEZLZMvF/ZDge/oaA==”
Why does Domino place an apostrophe in the cookie? Our solution worked well on Domino 7 on Windows 2003.
The SSO solution we use is: Lotus Domino and Apache Tomcat - Single Sign On (SSO)
The Domino console:
02/22/2010 03:14:37.87 PM [13061:00011-2938076048] SSO API> Dumping memory of constructed token [67 bytes].
00000000: 0100 0302 4234 3238 3139 4434 4234 3238 ‘…4B82914D4B82’
00000010: 3839 3535 4E43 413D 4D44 2D4E 5937 464A ‘9855CN=ADMN-7YJF’
00000020: 3850 4F2F 6C3D 6A61 736F 696D 737A CA65 ‘P8/O=lajosmizseJ’
00000030: A3F6 E257 96A9 B881 E89E 1A7A AB50 4868 ‘v#Wb)…8.hz.P+hH’
00000040: 0A56 2B ‘V.+’
02/22/2010 03:14:37.87 PM [13061:00011-2938076048] SSO API> Dumping memory of encoded token [92 bytes].
00000000: 4141 4345 7A41 4352 444F 3549 544D 4552 ‘AAECAzRCODI5MTRE’
00000010: 454E 3449 6A4D 346B 544E 4456 6A54 4231 ‘NEI4Mjk4NTVDTj1B’
00000020: 4552 4F31 544C 5A64 6B53 515A 434F 5039 ‘RE1OLTdZSkZQOC9P’
00000030: 5750 6878 6D61 7A39 5762 366C 3263 4B58 ‘PWxham9zbWl6c2XK’
00000040: 7139 584E 7134 576D 6267 6569 4836 616F ‘9qNX4qmWgbie6Hoa’
00000050: 4B55 6F74 4653 4B59 774B 3D3D ‘UKtoSFYKKw==’
02/22/2010 03:14:37.87 PM [13061:00011-2938076048] SSO API> *** Freeing Single Sign-On Token (SECTokenFree) ***
02/22/2010 03:14:37.87 PM [13061:00011-2938076048] TxnEnd> SN00041F555
02/22/2010 03:14:37.87 PM [13061:00011-2938076048] request_done> SN00041F555-SN00041F555 getSessionToken 1 ms
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] TxnBeg> SN00041F555
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] request> SN00041F555-SN00041F555 recycle
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] Csession::recycle> SN00041F555
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] CWBase::recycle> SN00041F555
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] TxnEnd> SN00041F555
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] request_done> SN00041F555-SN00041F555 recycle 0 ms
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] CSession> Closed SN00041F555
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] ConnMgr> task 855D040 removed session SN00041F555 (0 sessions total)
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] ConnMgr> task 855D040 closing down
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] CWBase::destructor> SN00041F555, localObj 0
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] ConnMgr> task 855D040 recycling 0 session(s)
02/22/2010 03:14:37.87 PM [13061:00011-2937809808] ConnMgr> task 855D040 deleted, task count: 0
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> *** Validating Token List (SECTokenListValidateAndGetInfo) ***
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> OrgName specified [lajosmizse].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> ConfigName specified [LtpaToken].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> Retrieved global static cache memory for config [lajosmizse:LtpaToken].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> *** Retrieving Extra Token Info (SECTokenValidateAndGetTokenInfo2) ***
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> OrgName specified [lajosmizse].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> ConfigName specified [LtpaToken].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> Retrieved global static cache memory for config [lajosmizse:LtpaToken].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> Decoding Domino style Single Sign-On token.
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> Dumping memory of encoded token [94 bytes].
00000000: 4122 4541 4143 527A 4F43 4944 4D35 5254 ‘"AAECAzRCODI5MTR’
00000010: 4E45 4945 4D34 6B6A 4E34 5654 5444 316A ‘ENEI4Mjk4NTVDTj1’
00000020: 5242 3145 4C4F 6454 535A 5A6B 4F51 3943 ‘BRE1OLTdZSkZQOC9’
00000030: 5050 7857 6168 396D 627A 6C57 6336 5832 ‘PPWxham9zbWl6c2X’
00000040: 394B 4E71 3458 6D71 6757 6962 3665 6F48 ‘K9qNX4qmWgbie6Ho’
00000050: 5561 744B 536F 5946 4B4B 3D77 223D ‘aUKtoSFYKKw=="’
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> Dumping memory of decoded token [70 bytes].
00000000: 0000 0804 D10C E008 E4C8 D1C4 D110 E008 ‘…Q.HdDQ.Q.’
00000010: E4C8 D4E0 0DD5 F538 1105 3835 DDB4 2965 ‘Hd`TU.8u…584]e)’
00000020: 4019 BDE0 F53C 85B1 BDA9 B5CD E9A5 97CD ‘.@`=<u1.)=M5%iM.’
00000030: DA2B 5F8D A68A 065A 7BE2 E8A1 4269 A1AD ‘+Z._.&Z.b{!hiB-!’
00000040: 5821 AC28 0000 ‘!X(,…’
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> Digest verification failed [Single Sign-On token is invalid].
02/22/2010 03:14:37.90 PM [13052:00013-2625104784] SSO API> ERROR: when decoding Domino LtpaToken [Single Sign-On token is invalid].
The Java code that generates the cookie in our application:
    // Create a LtpaToken for this username and password.
    LtpaToken token = new LtpaToken(dominoServer, username, password);
    // Add a new LtpaToken cookie to the web browser. This is added to
    // the HttpServletResponse.
    boolean success;
    success = token.setCookie(response, ltpaTokenCookieDomain);
    // Is the LtpaToken cookie valid?
    if (success) {
        ret = true;
        // Redirect the user to the requested web page.
        if (session != null) {
            logMessage(debug, username + " - Redirecting to "
                    + redirectto);
        }
    }
Thank you
Andras
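
The 94-byte dump in the console log is the 92-byte encoded token with a double-quote byte (0x22) at each end, which is what makes the decoded bytes and the digest check fail. The following is an added example, not part of the original post and not the code of the LtpaToken class used above: it builds a token with the layout visible in the 67-byte dump and verifies it as-is, wrapped in quotes, and after the quotes are stripped. The class and method names, the constructed secret, and the digest construction (SHA-1 over the token bytes followed by the shared secret) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class LtpaQuoteCheck {
    // Constructed demo secret (assumption); the real one is held in the Domino Web SSO configuration.
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.US_ASCII);

    // Assumed digest construction: SHA-1 over the token bytes followed by the shared secret.
    static byte[] sha1(byte[] data, byte[] secret) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(data);
        md.update(secret);
        return md.digest();
    }

    // Layout from the 67-byte dump: 00 01 02 03, created (8 hex), expires (8 hex), name, digest (20).
    static String build(String created, String expires, String name) throws Exception {
        byte[] text = (created + expires + name).getBytes(StandardCharsets.ISO_8859_1);
        byte[] token = new byte[4 + text.length + 20];
        System.arraycopy(new byte[] {0, 1, 2, 3}, 0, token, 0, 4);
        System.arraycopy(text, 0, token, 4, text.length);
        byte[] digest = sha1(Arrays.copyOf(token, 4 + text.length), SECRET);
        System.arraycopy(digest, 0, token, 4 + text.length, 20);
        return Base64.getEncoder().encodeToString(token);
    }

    static String stripQuotes(String v) { // drops one pair of surrounding double quotes
        boolean quoted = v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"");
        return quoted ? v.substring(1, v.length() - 1) : v;
    }

    static String verify(String cookieValue) throws Exception {
        byte[] token;
        try { token = Base64.getDecoder().decode(cookieValue); } // strict decoder rejects '"'
        catch (IllegalArgumentException e) { return "rejected: not clean base64"; }
        if (token.length < 4 + 16 + 20) return "rejected: too short";
        int bodyLen = token.length - 20;
        byte[] expected = sha1(Arrays.copyOf(token, bodyLen), SECRET);
        byte[] actual = Arrays.copyOfRange(token, bodyLen, token.length);
        if (!MessageDigest.isEqual(expected, actual)) return "rejected: digest mismatch";
        return "valid for " + new String(token, 20, bodyLen - 20, StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) throws Exception {
        String good = build("4B82914D", "4B829855", "CN=ADMN-7YJFP8/O=lajosmizse");
        String quoted = "\"" + good + "\"";
        for (String v : new String[] {good, quoted, stripQuotes(quoted)}) System.out.println(verify(v));
    }
}
```

Running the same comparison on the raw `Cookie` request header and the `Set-Cookie` response header shows at which hop the surrounding quotes first appear.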