Ticket mismatches

matth

unread,

Aug 2, 2010, 1:41:53 PM8/2/10

to mod_auth_pubtkt users

Hi there,

Just wondering if there could be a separate URL for mismatched
tickets?

E.G. Some user tampers with the cookie, we'd like to know about it, so
we could put some logging on a special endpoint?

Cheers,

Matt

Manuel Kasper

unread,

Aug 4, 2010, 12:05:41 PM8/4/10

to mod_auth_p...@googlegroups.com

On 02.08.2010, at 19:41, matth wrote:

> Just wondering if there could be a separate URL for mismatched
> tickets?
>
> E.G. Some user tampers with the cookie, we'd like to know about it, so
> we could put some logging on a special endpoint?

Sounds reasonable - I've added it to the to do/wishlist on <https://neon1.net/mod_auth_pubtkt/>. Shouldn't be too hard to add the next time I touch the Apache module source code :)

In the meantime, what you can also do is parse/verify the ticket yourself in your login server code to detect tickets with invalid signatures (but I see that you've implemented a matching Ruby library function, so I guess you're already doing that :).

- Manuel

Matthew Haynes

unread,

Aug 4, 2010, 12:13:28 PM8/4/10

to mod_auth_p...@googlegroups.com

Thanks Manuel,

Yep the client library can verify the ticket too so it can be implemented that way.

Kudos for the module, it's so simple I'm not sure why there aren't loads more solutions like this. Makes such a difference delegating auth to Apache, especially when your running multiple webapps in various languages :)

Cheers,

Matt

Reply all

Reply to author

Forward