CSS. Losing login/pass info due to redirection http -> https

Unanswered Question
Jun 14th, 2007

Hi,

I have sort of a problem with CSS 11501 (ios 8.20.1.01).

The design is:

client(http) -internet-> router -> checkpoint(nat) -> css -> back-end server. CSS, checkpoint, back-end server are in the same subnet. CSS performs SSL termination.

I want to have automatic redirection from http to https, so when the remote client connects to CSS with http he's redirected to https. The client enters login/pass info but this info is lost after redirection and it's necessary to enter login/pass again.

Note: If I connect to https directly I'm able to login without problems.

CSS config:

!************************** CIRCUIT **************************
circuit VLAN112
  ip address 10.112.0.3 255.255.0.0

circuit VLAN114
  ip address 10.114.0.3 255.255.0.0

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list rrssl1
  ssl-server 1
  ssl-server 1 dhparam ...
  ssl-server 1 rsacert ...
  ssl-server 1 rsakey ...
  ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 10.112.0.107 80
  ssl-server 1 vip address 10.112.0.241

!************************** SERVICE **************************
service secure-transfer
  type redirect
  no prepend-http
  ip address 2.2.2.2
  keepalive type none
  domain "https://test1.abc.com"
  active

service sslservice
  type ssl-accel
  add ssl-proxy-list rrssl1
  slot 2
  keepalive type none
  active

!*************************** OWNER ***************************
owner test
  content default-redirect
    protocol tcp
    port 80
    url "/*"
    vip address 10.112.0.241
    add service secure-transfer
    active

  content ssl-rule
    protocol tcp
    port 443
    add service sslservice
    vip address 10.112.0.241
    active

Thanks a lot in advance for any comments.

Gilles Dufour Thu, 06/14/2007 - 03:33

The CSS itself is not involved in the login process.

If you have to login in HTTP, it means the login is requested before you get to the CSS.

[the CSS would just forward a redirect and will not request any login and will not connect to the server].

So, the checkpoint firewall is probably doing the login.

You should check there for help.

Gilles.

kreshetnikov Thu, 06/14/2007 - 04:10

The back-end server performed authentication after redirection http -> https, the firewall does no authentication. The problem was solved; unfortunately it was not an issue that could be resolved via the CSS. We had to resort to manually editing the html file.
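
Added example, not part of the thread or of anyone's post: one way submitted credentials can vanish across an HTTP-to-HTTPS redirect, assuming the login form was posted over plain HTTP before the redirect (the thread does not confirm this). A loopback listener stands in for the port-80 redirect rule and Python's urllib plays the client; the paths /login and /secure/login and the credentials are constructed.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def run_login(status):
    """POST constructed credentials to a redirecting listener; return what arrives."""
    seen = []  # (method, path, body) for every request the listener receives

    class Handler(BaseHTTPRequestHandler):
        def _reply(self):
            length = int(self.headers.get("Content-Length") or 0)
            seen.append((self.command, self.path, self.rfile.read(length).decode()))
            if self.command == "POST" and self.path == "/login":
                # Assumed stand-in for the redirect service: it answers with a
                # Location header only and never passes the body anywhere.
                self.send_response(status)
                self.send_header("Location", "/secure/login")
            else:
                self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        do_GET = do_POST = _reply

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    body = urllib.parse.urlencode({"user": "demo", "pass": "constructed"}).encode()
    url = "http://127.0.0.1:%d/login" % server.server_port
    try:
        opener.open(url, data=body, timeout=5).close()
    except urllib.error.HTTPError:
        pass  # urllib will not replay a POST automatically on 307
    finally:
        server.shutdown()
        server.server_close()
    return seen


if __name__ == "__main__":
    for code in (302, 307):
        print(code, run_login(code))
```

On a 302 the credentials appear only in the first, cleartext request and the follow-up arrives as a GET with an empty body. Serving the login form over HTTPS with an HTTPS form action avoids both the cleartext submission and the lost body.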
