Just to publish the problem here:
If you look at the first response from the server, it contains:
Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure
but if you look at the next post, you can see the cookie is not being
sent from the GSA:
=======
=======
This turns out to be a known issue because of the Secure attribute on
the cookie. When creating a forms auth/cookie rule for a site that
uses secure cookies, you must be logged into the HTTPS Admin Console
on port 8443. Otherwise, the GSA will not send secure cookies over
normal HTTP.
Hope this helps somebody else who runs into this issue.
Brian
On Nov 28, 12:54 am, Marcos Farias <mfarias2...@gmail.com> wrote:
> Hi guys,
>
> Have any of you faced a "HTTP/1.1 408 The time allowed for the login
> process has been exceeded." error message when trying to set up a Form
> Authentication rule on GSA?
>
> I'm trying to crawl and index a https protected site that has a valid
> certificate but I'm getting into that error message. When I disable https on
> my site and set GSA to crawl using http instead of https, everything goes
> fine.
>
> I don't know if it helps, but I paste both https and http logs of the forms
> auth rule setup.
>
> Thanks in advance,
> Marcos.
>
> *Below, you can find log of the forms authentication rule setup, showing
> HTTP and HTTPS headers when I try to set Form Auth using httpS *
>
> Request: GET https://www.customerdomain.com/app/home.do
> Headers:
> User-Agent: gsa-crawler
> Accept: */*
> Host: www.customerdomain.com
>
> ================================================
>
> Response: status = HTTP/1.1 200 OK
> Headers:
> Date: Fri, 27 Nov 2009 15:32:07 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 21:00:00 BRT
> Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure
> Content-Length: 1459
> Content-Type: text/html;charset=ISO-8859-1
>
> ================================================
>
> Request: POST https://www.customerdomain.com/app/j_security_check
> Headers:
> Content-type: application/x-www-form-urlencoded
> User-Agent: gsa-crawler
> Accept: */*
> Host: www.customerdomain.com
> Content-Length: 67
>
> Parameters:
> name=j_password, value=******
> name=dispatchMethod, value=
> name=j_username, value=user01
> name=postBack, value=true
>
> ================================================
>
> Response: status = HTTP/1.1 408 The time allowed for the login process has
> been exceeded. If you wish to continue you must either click back twice and
> re-click the link you requested or close and re-open your browser
> Headers:
> Date: Fri, 27 Nov 2009 15:32:14 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Content-Length: 1554
> Connection: close
> Content-Type: text/html;charset=utf-8
>
> ================================================
>
> *Below, you can find log of the forms authentication rule setup, showing
> HTTP and HTTPS headers when I try to set Form Auth using http *
>
> Request: GET http://www.customerdomain.com/app/home.do
> Headers:
> User-Agent: gsa-crawler
> Accept: */*
> Host: www.customerdomain.com
>
> ================================================
>
> Response: status = HTTP/1.1 200 OK
> Headers:
> Date: Fri, 27 Nov 2009 15:50:29 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 21:00:00 BRT
> Set-Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497; Path=/
> Content-Length: 1459
> Content-Type: text/html;charset=ISO-8859-1
>
> ================================================
>
> Request: POST http://www.customerdomain.com/app/j_security_check
> Headers:
> Content-type: application/x-www-form-urlencoded
> User-Agent: gsa-crawler
> Cookie: JSESSIONID=1F0F22A9450A65589D780596C3E10497;
> Accept: */*
> Host: www.customerdomain.com
> Content-Length: 67
>
> Parameters:
> name=j_password, value=******
> name=dispatchMethod, value=
> name=j_username, value=user01
> name=postBack, value=true
>
> ================================================
>
> Response: status = HTTP/1.1 302 Moved Temporarily
> Headers:
> Date: Fri, 27 Nov 2009 15:50:37 GMT
> Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
> Location: http://www.customerdomain.com/app/home.do
> Content-Length: 0
> Content-Type: text/plain
>
> ================================================
>
> Request: GET http://www.customerdomain.com/app/home.do
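
An added example, not part of the original thread: a Python check that reads a forms-authentication trace in the layout quoted above and reports every cookie a response set that a later request did not send back, noting whether it carried the Secure attribute. The function names and the simplification that all requests go to one host with `Path=/` are assumptions of this example; the embedded trace is constructed from the HTTPS exchange in the thread.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample in the layout of the HTTPS trace quoted in this thread.
HTTPS_TRACE = """\
Response: status = HTTP/1.1 200 OK
Headers:
Set-Cookie: JSESSIONID=93113C16FE6BE480C36B8676895A6BE0; Path=/; Secure
================
Request: POST https://www.customerdomain.com/app/j_security_check
Headers:
User-Agent: gsa-crawler
"""

def parse_blocks(log):
    """Yield (kind, first_line, headers) for each ====-separated block."""
    for chunk in re.split(r"^=+\s*$", log, flags=re.M):
        lines = [l.strip() for l in chunk.strip().splitlines() if l.strip()]
        if not lines:
            continue
        kind, _, first = lines[0].partition(":")
        headers = []
        for line in lines[1:]:
            if line.startswith("Parameters:"):
                break  # form fields follow; they are not headers
            name, _, value = line.partition(":")
            if value.strip():  # skips the bare "Headers:" label and wrapped status text
                headers.append((name.strip().lower(), value.strip()))
        yield kind.lower(), first.strip(), headers

def find_dropped_cookies(log):
    """Return (cookie, secure_flag, request) for cookies set but not sent back."""
    pending, findings = {}, []
    for kind, first, headers in parse_blocks(log):
        if kind == "response":
            for name, value in headers:
                if name == "set-cookie":
                    jar = SimpleCookie()
                    jar.load(value)
                    for key, morsel in jar.items():
                        pending[key] = bool(morsel["secure"])
        elif kind == "request":
            sent = {p.split("=", 1)[0].strip() for n, v in headers
                    if n == "cookie" for p in v.split(";") if "=" in p}
            findings += [(k, s, first) for k, s in pending.items() if k not in sent]
    return findings

if __name__ == "__main__":
    print(find_dropped_cookies(HTTPS_TRACE))
```

A finding with the Secure flag set to `True` on the login POST matches the symptom described in this thread; an empty result means every cookie that was set came back on the following requests.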