Programvareverkstedet / nettsiden

Readonly mirror of https://git.pvv.ntnu.no/Projects/nettsiden
https://www.pvv.ntnu.no

IDP doesn't work on the .org domain #3

Closed pbsds closed 6 years ago

pbsds commented 6 years ago

I get the error message:

Caused by: SimpleSAML_Error_Exception: URL not allowed

It would be nice if, when you logged in on one domain, you'd stay logged in on the other as well (cross-domain session cookie?)

jornane commented 6 years ago

We don't have a certificate for .org, so I'd recommend limiting logging in to the other domain.

pbsds commented 6 years ago

I ended up "fixing" this one when taking the site live. All access to .org is forwarded to .ntnu.no by lighttpd. There was an issue with http as well, which was "fixed" by having lighttpd forward the client to https.

jornane commented 6 years ago

See the mailing list, you should not automatically forward http to https, stuff breaks.

pbsds commented 6 years ago

I've changed the baseurlpath in simplesaml to use https when logging in instead, but I'd like to have the connection elevated to https when logging in, and force the session token to only be sent when the connection is secure, but this should do for now.

pbsds commented 6 years ago

I've made the .org domain be forwarded to .ntnu.no when the path doesn't start with /~ (userpages). The session cookie is only set on the .ntnu.no domain, probably due to the login url being set to that domain. This seems to have been the old solution on the old setup as well.

jornane commented 6 years ago

My previous fix for http/https (mailing list) also fixed the cookie problem, so I removed the redirect.