DiscoJuice API not using SSL connections depending on geo location


Patrick Frigg

Mar 16, 2016, 2:11:51 PM
to DiscoJuice
We have been excited about InCommon joining Edugain. Unfortunately our SP www.siropglobal.org does not work from the US.

The reason is that metadata from DiscoJuice API https://cdn.discojuice.org/ is not loaded due to Mixed Content warning. This does not happen when accessing DiscoJuice from Europe (e.g. CH) but only when calling the page from the US (e.g. using VPN). We also had users testing it directly from the US with the same result:

Instead of https://cdn.discojuice.org/feed/switch?callback=_odunh1 the metadata is loaded via http: and blocked when the site itself is encrypted. See screenshots below for details.

Due to the dependence on geographic location, the issue might be caused by the geo-aware DNS and web caches of http://samlbits.net/

samlbits.org draws on ideas from the pool.ntp.org project to combine a simple distributed monitoring system with a geo-aware DNS server and an array of web caches. These components are located across multiple sites and there is no single point of failure.

I therefore will forward this issue to Leif Johansson from samlbits.org as well.

Best,
Patrick


https from CH


http from US



Patrick Frigg

Mar 17, 2016, 10:36:46 AM
to DiscoJuice
We are currently looking for SPs which are using DiscoJuice on an SSL-encrypted page to rule out some error sources.

Any contributions are very welcome (we just need the name of your page).

Thx

Patrick Frigg

Mar 22, 2016, 2:32:52 PM
to DiscoJuice
Thanks to Andreas Solberg for his analysis and solution. Changing a single line in discojuice.hosted by replacing /feeds/ with /feed/ solved the redirecting issue we had when accessed from the US:

 
Some more debugging in redirect of US nodes
 
siropglobal.org is loading metadata from urls like this:

https://cdn.discojuice.org/feeds/edugain?callback=_7r9xz9

and they are redirected to:

https://cdn.discojuice.org/feed/edugain?callback=_7r9xz9

Notice feeds versus feed.

The backend should properly redirect you from feeds to feed, but it seems that this particular redirect is problematic on the US nodes.

Most likely you will avoid the problem if you change your discojuice.hosted file, to use feed instead of feeds.
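
Added example, not part of the thread or of DiscoJuice's own code: a small Node.js check that walks a recorded redirect chain and reports any hop that sends an https: request on to http:, which is the condition a browser blocks as mixed content on an encrypted page. The function names, status codes and Location header values are assumptions constructed for illustration; only the two feed URLs come from the posts above.

```javascript
// Constructed sample data: the status codes and Location values below are
// assumptions for illustration, not captures from cdn.discojuice.org.
const START = "https://cdn.discojuice.org/feeds/edugain?callback=_7r9xz9";
const okHops = [            // redirect stays on https (path-only Location)
  { status: 301, location: "/feed/edugain?callback=_7r9xz9" },
  { status: 200 },
];
const badHops = [           // redirect drops to http (absolute Location)
  { status: 301, location: "http://cdn.discojuice.org/feed/edugain?callback=_7r9xz9" },
  { status: 200 },
];

// Resolve every Location header against the URL that returned it and
// collect each hop where the scheme changes from https: to http:.
function findDowngrades(startUrl, hops) {
  const chain = [new URL(startUrl)];
  const downgrades = [];
  for (const hop of hops) {
    const isRedirect = hop.status >= 300 && hop.status <= 399;
    if (!isRedirect || !hop.location) break;   // chain ends here
    const current = chain[chain.length - 1];
    // Location may be absolute, protocol-relative or path-only.
    const next = new URL(hop.location, current);
    if (current.protocol === "https:" && next.protocol === "http:") {
      downgrades.push({ from: current.href, to: next.href });
    }
    chain.push(next);
  }
  return { chain: chain.map((u) => u.href), downgrades };
}

// A script requested from an https: page is blocked if any URL in its
// redirect chain is plain http:.
function blockedOnSecurePage(pageUrl, startUrl, hops) {
  if (new URL(pageUrl).protocol !== "https:") return false;
  const { chain } = findDowngrades(startUrl, hops);
  return chain.some((u) => new URL(u).protocol === "http:");
}

for (const [label, hops] of [["https redirect", okHops], ["http redirect", badHops]]) {
  const result = findDowngrades(START, hops);
  console.log(label, "->", result.chain.at(-1),
    result.downgrades.length ? "DOWNGRADE" : "ok");
}
```

Pointing the feed URL directly at /feed/, as suggested above, removes the redirect hop from the chain altogether.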