Bug #38590

T3CON12 Stuttgart: Call for papers gives 403

Added by Jo Hasenau 11 months ago. Updated 11 months ago.

Status: Resolved
Start date: 2012-07-03
Priority: Must have
Due date:
Assignee: -
% Done: 0%
Category: [Team] Content
Target version: -
Votes: 0

Description

The "submit your application" link on this page:

Leads to a 403: http://t3con12de.typo3.org/my/papers/new.html
http://t3con12de.typo3.org/call-for-papers.html

History

Updated by Ben van 't Ende 11 months ago

Thanks Joey, the issue does not really belong here. I will forward it to Christian Mueller. Grtz, Ben

Updated by Jo Hasenau 11 months ago

Cool - maybe you can tell him that it seems to be related to the login.
It took quite some tries to manage to log in to the page since the redirect does not seem to work as expected and you often find yourself logged out at the default typo3.org page.

So once you managed to log in the 403 won't show up any more.

Updated by Christian Mueller 11 months ago

Sure, I removed the link there for now as we just cannot know if someone is logged in at that point (and probably is not). I will think about a nicer solution. As for the login, I know it is somehow not perfect, I used it around 10000 times while setting up the SSO, but from what I heard these redirect problems come from some changes in the new typo3.org site which are not that easy to fix. I am not sure I can do something about it.

Updated by Christian Mueller 11 months ago

Another point, I cannot assign this ticket to me, nor change the status...

Updated by Helmut Hummel 11 months ago

  • Status changed from New to Accepted

The problem with the login is the following (I wrote mails to Andi, Robert and Karsten informing them about that fact):

The username and password fields on the conference website are obsolete and cannot work, because we now use RSA encryption on typo3.org.

On the old typo3.org it worked out to directly send a POST request via HTTPS to typo3.org with the correct username and password parameters, triggering a login on typo3.org. After the user was logged in, the SSO plugin was triggered and the user got redirected back to the conference site with the correct SSO parameters triggering authentication on the conference website.

Now that we use RSA encryption on typo3.org the conference website cannot share a session with typo3.org where parts of the RSA key to encrypt the password are stored. Thus submitting username and plaintext password (HTTPS encrypted) to typo3.org does not do anything but present a login box on typo3.org where the user must again enter username and password. After that login is successful, the SSO plugin redirects back to the conference site with a valid token so that finally the user is logged in there.

Basically, one can just submit the login form on the conference site with no credentials at all, the important part only is logging in at typo3.org and being redirected back to the conference site.

As said above, I already suggested to change the login box on the conference site(s) to just be a link to the sso-plugin on typo3.org like on every other page (wiki, forge, mantis) we have, but nothing has been done in that regard yet.

Updated by Helmut Hummel 11 months ago

The "submit your application" link on this page: Leads to a 403: http://t3con12de.typo3.org/my/papers/new.html

This link only works if one is logged in and has already created a speaker's profile before:

https://t3con12de.typo3.org/my/speaker-profile.html

Would be nice to get a better error message stating that fact.

http://t3con12de.typo3.org/call-for-papers.html

The link on that page seems to be removed now.

Updated by Christian Mueller 11 months ago

Right, thanks for your explanation here. I will try to modify the loginbox to show only a link. I guessed what you explained, but didn't know for sure...

Updated by Christian Mueller 11 months ago

Ok guys, whoever can close it, I guess you can do so. The link to the CfP is removed (so you need to log in to go there) and the login form was replaced by a link to the typo3.org login page.

Updated by Thomas Loeffler 11 months ago

  • Status changed from Accepted to Resolved
