GSA Form Authentication error - HTTP 408


Marcos Farias

Nov 27, 2009, 10:54:21 AM
to google-search-...@googlegroups.com

Hi guys,

  Have any of you faced a "HTTP/1.1 408 The time allowed for the login process has been exceeded." error message when trying to set up a Form Authentication rule on GSA?

  I'm trying to crawl and index an HTTPS-protected site that has a valid certificate but I'm getting that error message. When I disable HTTPS on my site and set GSA to crawl using HTTP instead of HTTPS, everything goes fine.

 I don't know if it helps, but I've pasted both the HTTPS and HTTP logs of the forms auth rule setup.
  
Thanks in advance,
Marcos.


Below, you can find the log of the forms authentication rule setup, showing HTTP and HTTPS headers when I try to set Form Auth using HTTPS



Headers: 
User-Agent: gsa-crawler 
Accept: */* 

================================================ 

Response: status = HTTP/1.1 200 OK 
Headers: 
Date: Fri, 27 Nov 2009 15:32:07 GMT 
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server 
Pragma: No-cache 
Cache-Control: no-cache 
Expires: Wed, 31 Dec 1969 21:00:00 BRT 
Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure 
Content-Length: 1459 
Content-Type: text/html;charset=ISO-8859-1 

================================================ 

Headers: 
Content-type: application/x-www-form-urlencoded 
User-Agent: gsa-crawler 
Accept: */* 
Content-Length: 67 

Parameters: 
name=j_password, value=****** 
name=dispatchMethod, value= 
name=j_username, value=user01 
name=postBack, value=true 

================================================ 

Response: status = HTTP/1.1 408 The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser 
Headers: 
Date: Fri, 27 Nov 2009 15:32:14 GMT 
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server 
Content-Length: 1554 
Connection: close 
Content-Type: text/html;charset=utf-8 

================================================ 

 
Below, you can find the log of the forms authentication rule setup, showing HTTP and HTTPS headers when I try to set Form Auth using HTTP

Headers: 
User-Agent: gsa-crawler 
Accept: */* 

================================================ 

Response: status = HTTP/1.1 200 OK 
Headers: 
Date: Fri, 27 Nov 2009 15:50:29 GMT 
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server 
Pragma: No-cache 
Cache-Control: no-cache 
Expires: Wed, 31 Dec 1969 21:00:00 BRT 
Set-Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497; Path=/ 
Content-Length: 1459 
Content-Type: text/html;charset=ISO-8859-1 

================================================ 

Headers: 
Content-type: application/x-www-form-urlencoded 
User-Agent: gsa-crawler 
Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497; 
Accept: */* 
Content-Length: 67 

Parameters: 
name=j_password, value=****** 
name=dispatchMethod, value= 
name=j_username, value=user01 
name=postBack, value=true 

================================================ 

Response: status = HTTP/1.1 302 Moved Temporarily 
Headers: 
Date: Fri, 27 Nov 2009 15:50:37 GMT 
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server 
Content-Length: 0 
Content-Type: text/plain 

================================================ 

Headers: 
User-Agent: gsa-crawler 
Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497; 
Accept: */* 

================================================ 

Response: status = HTTP/1.1 200 OK 
Headers: 
Date: Fri, 27 Nov 2009 15:50:38 GMT 
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server 
Pragma: No-cache 
Cache-Control: no-cache 
Expires: Wed, 31 Dec 1969 21:00:00 BRT 
Set-Cookie: JSESSIONIDSSO=48E9E7262AEF00A7AFFCE7BF049BED37; Domain=customerdomain.com; Path=/ 
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5 
Transfer-Encoding: chunked 
Content-Type: text/html;charset=ISO-8859-1 

================================================ 

brianb

Dec 3, 2009, 1:22:55 AM
to Google Search Appliance/Google Mini - Google Search Appliance/Google Mini
Just to publish the problem here:

If you look at the first response from the server, it contains:

Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure

but if you look at the next post, you can see the cookie is not being
sent from the GSA:

=======
Request: POST https://www.customerdomain.com/app/j_security_check
Headers:
Content-type: application/x-www-form-urlencoded
User-Agent: gsa-crawler
Accept: */*
Host: www.customerdomain.com
Content-Length: 67
=======

This turns out to be a known issue because of the Secure attribute on
the cookie. When creating a forms auth/cookie rule for a site that
uses secure cookies, you must be logged into the HTTPS Admin Console
on port 8443. Otherwise, the GSA will not send secure cookies over
normal HTTP.

Hope this helps somebody else who runs into this issue.

Brian

On Nov 28, 12:54 am, Marcos Farias <mfarias2...@gmail.com> wrote:
> Hi guys,
>
>   Have any of you faced a "HTTP/1.1 408 The time allowed for the login
> process has been exceeded." error message when trying to set up a Form
> Authentication rule on GSA?
>
>   I'm trying to crawl and index a https protected site that has a valid
> certificate but I'm getting into that error message. When I disable https on
> my site and set GSA to crawl using http instead of https, everything goes
> fine.
>
>  I don't know if it helps, but I paste both https and http logs of the forms
> auth rule setup.
>
> Thanks in advance,
> Marcos.
>
> *Below, you can find log of the forms authentication rule setup, showing
> HTTP and HTTPS headers when I try to set Form Auth using httpS *
>
> Request: GET https://www.customerdomain.com/app/home.do
> Headers:
> User-Agent: gsa-crawler
> Accept: */*
> Host: www.customerdomain.com
>
> ================================================
>
> Response: status = HTTP/1.1 200 OK
> Headers:
> Date: Fri, 27 Nov 2009 15:32:07 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 21:00:00 BRT
> Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure
> Content-Length: 1459
> Content-Type: text/html;charset=ISO-8859-1
>
> ================================================
>
> Request: POST https://www.customerdomain.com/app/j_security_check
> Headers:
> Content-type: application/x-www-form-urlencoded
> User-Agent: gsa-crawler
> Accept: */*
> Host: www.customerdomain.com
> Content-Length: 67
>
> Parameters:
> name=j_password, value=******
> name=dispatchMethod, value=
> name=j_username, value=user01
> name=postBack, value=true
>
> ================================================
>
> Response: status = HTTP/1.1 408 The time allowed for the login process has
> been exceeded. If you wish to continue you must either click back twice and
> re-click the link you requested or close and re-open your browser
> Headers:
> Date: Fri, 27 Nov 2009 15:32:14 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Content-Length: 1554
> Connection: close
> Content-Type: text/html;charset=utf-8
>
> ================================================
>
> *Below, you can find log of the forms authentication rule setup, showing
> HTTP and HTTPS headers when I try to set Form Auth using http *
>
> Request: GET http://www.customerdomain.com/app/home.do
> Headers:
> User-Agent: gsa-crawler
> Accept: */*
> Host: www.customerdomain.com
>
> ================================================
>
> Response: status = HTTP/1.1 200 OK
> Headers:
> Date: Fri, 27 Nov 2009 15:50:29 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 21:00:00 BRT
> Set-Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497; Path=/
> Content-Length: 1459
> Content-Type: text/html;charset=ISO-8859-1
>
> ================================================
>
> Request: POST http://www.customerdomain.com/app/j_security_check
> Headers:
> Content-type: application/x-www-form-urlencoded
> User-Agent: gsa-crawler
> Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497;
> Accept: */*
> Host: www.customerdomain.com
> Content-Length: 67
>
> Parameters:
> name=j_password, value=******
> name=dispatchMethod, value=
> name=j_username, value=user01
> name=postBack, value=true
>
> ================================================
>
> Response: status = HTTP/1.1 302 Moved Temporarily
> Headers:
> Date: Fri, 27 Nov 2009 15:50:37 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Location: http://www.customerdomain.com/app/home.do
> Content-Length: 0
> Content-Type: text/plain
>
> ================================================
>
> Request: GET http://www.customerdomain.com/app/home.do
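
The manual check described in the reply above (a cookie set by one response that is missing from the next request) can be automated over a trace in this log format. This is an added example, not part of the original posts or of any GSA tooling; `find_dropped_cookies` is a hypothetical helper name, and the sample is assembled from the HTTPS log quoted in this thread.

```python
import re

# Sample assembled from the HTTPS log quoted in this thread (headers trimmed).
SAMPLE_LOG = """\
Request: GET https://www.customerdomain.com/app/home.do
Headers:
User-Agent: gsa-crawler
================================================
Response: status = HTTP/1.1 200 OK
Headers:
Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure
================================================
Request: POST https://www.customerdomain.com/app/j_security_check
Headers:
Content-type: application/x-www-form-urlencoded
User-Agent: gsa-crawler
"""

def find_dropped_cookies(log_text):
    """List cookies that a response set but a later request did not send back."""
    # Assumption: single-host login trace; Path/Domain scoping and expiry are ignored.
    pending = {}   # cookie name -> lowercased attributes from its Set-Cookie
    findings = []
    for block in re.split(r"^=+[ \t]*$", log_text, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        headers = [ln.split(":", 1) for ln in lines[1:] if ":" in ln]
        if lines[0].startswith("Response:"):
            for name, value in headers:
                if name.strip().lower() == "set-cookie":
                    pair, *attrs = [p.strip() for p in value.split(";")]
                    pending[pair.split("=", 1)[0]] = {a.lower() for a in attrs}
        elif lines[0].startswith("Request:"):
            sent = set()
            for name, value in headers:
                if name.strip().lower() == "cookie":
                    sent |= {p.split("=")[0].strip() for p in value.split(";")}
            target = lines[0][len("Request:"):].strip()
            for cookie, attrs in pending.items():
                if cookie not in sent:
                    findings.append({"request": target, "cookie": cookie,
                                     "secure": "secure" in attrs})
    return findings

if __name__ == "__main__":
    for finding in find_dropped_cookies(SAMPLE_LOG):
        print(finding)
```

A finding with `secure` set to true on a login POST matches the symptom in this thread: the session cookie never reaches `j_security_check`, so the server has no login session to continue and answers 408.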

Marcos Farias

Dec 3, 2009, 7:15:40 AM
to google-search-...@googlegroups.com
Thanks Brian :-)





Marcos Farias

Dec 3, 2009, 9:26:54 AM
to google-search-...@googlegroups.com
Another point identified during this troubleshooting was this error message in the GSA internal logs:

"
Cookie syntax error. Skip this cookie: JSESSIONIDSSO=7F83F084E45D9DA7CFA5C16103B1EA51; Domain=mydomain.com; Path=/

 If you look, the domain attribute is incorrect. Per RFC, the domain needs to start with a dot (.). So for example: domain=.mydomain.com
"

Right now, it doesn't seem to cause any problem, but I've already notified the customer development team to take a look at that.

Regards