Customer was trying to test form login
using the WebSphere® Application Server
/webapp/examples/ping servlet. When the
servlet is accessed in the browser, the login page is displayed as
expected. However, even after entering a valid user/password combination,
the login page just keeps getting redisplayed.
In this case, a fully qualified hostname had been
used, but there still were problems.
It turns out the root of the problem is that they
had underscores in their hostname. When cookie prompting was turned on in
the browser, the Windows Internet Explorer was not getting back the
"LtpaToken" cookie which is required for the security to work correctly.
For cookies that Internet Explorer did get back, it showed the cookie
domain as only part of the hostname, with everything after the underscore
truncated. The Netscape browser on the same system did not seem to have
this problem, it received the "LtpaToken" cookie ok.
Workaround
Can use Netscape browser. However, Internet
standards do specify that hostnames should not contain underscores (RFC
1123 & RFC 932), so better to just change the hostname.
|