Uploaded image for project: 'IGB'
  1. IGB
  2. IGBF-3204

Create secure quickload that redirects

        Details

        • Type: Task
        • Status: Closed (View Workflow)
        • Priority: Major
        • Resolution: Done
        • Affects Version/s: None
        • Fix Version/s: None
        • Labels:
          None

          Description

          Situation: As part of testing for IGBF-3196 and IGBF-3103 it would be helpful if we could test a secure quickload site that redirects from http to https.

          Task: Create a secure quickload site that redirects from http to https.

            Attachments

              Issue Links

              is blocked by

              Task - A task that needs to be done. IGBF-3211 Update logic to send redirect url to IGB Data Source endpoint

              • Blocker - Blocks development and/or testing work, production could not run.
              • Closed
              relates to

              Bug - A problem which impairs or prevents the functions of the product. IGBF-3196 Investigate: Why is the password asked for twice after adding secure data source.

              • Major - Major loss of function.
              • To-Do

              Task - A task that needs to be done. IGBF-3103 Enable IGB to follow http to https redirect for Quickload meta-data files

              • Blocker - Blocks development and/or testing work, production could not run.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                nfreese Nowlan Freese added a comment -

                These are the two secure http quickload sites we currently use for testing that do not require a redirect:

                http://igbquickload.org/secureQuickloadTestSites/secureSiteTest

                http://igbquickload.org/secureQuickloadTestSites/secureSiteTest2

                Show
                nfreese Nowlan Freese added a comment - These are the two secure http quickload sites we currently use for testing that do not require a redirect: http://igbquickload.org/secureQuickloadTestSites/secureSiteTest http://igbquickload.org/secureQuickloadTestSites/secureSiteTest2
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                I have created a new location with password protection and redirection set up.

                To see this in action:

                I can't tell when the redirection happens - before or after user name and password challenge occurs.

                Show
                ann.loraine Ann Loraine added a comment - I have created a new location with password protection and redirection set up. To see this in action: Visit URL http://bioviztest3.bioviz.org/quickload/password-protected-example Observe that a dialog appears requested you to enter a user name and password Enter user "guest" and password "guest" If the password is entered correctly, the Web browser will show URL https://bioviztest3.bioviz.org/quickload/password-protected-example I can't tell when the redirection happens - before or after user name and password challenge occurs.
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment - - edited

                I have created a new redirection testing resource on bioviztest3.bioviz.org in which the password challenge is meant to occur after the redirection response is received by the client.

                The Apache configuration file (httpd.conf) contains the following line:

                Redirect /bogus/redirect-example /quickload/redirect-example

                If a user attempts to retrieve https://bioviztest3.bioviz.org/bogus/redirect-example, then the Apache web server will redirect the client to resource https://bioviztest3.bioviz.org/quickload/redirect-example. This new location contains Apache configuration files that will trigger it to request a user name and a password from the client. The only user name and password combination that it will accept are: "guest2" and "guest2".

                The other user name and password combination won't work.

                Show
                ann.loraine Ann Loraine added a comment - - edited I have created a new redirection testing resource on bioviztest3.bioviz.org in which the password challenge is meant to occur after the redirection response is received by the client. The Apache configuration file (httpd.conf) contains the following line: Redirect /bogus/redirect-example /quickload/redirect-example If a user attempts to retrieve https://bioviztest3.bioviz.org/bogus/redirect-example , then the Apache web server will redirect the client to resource https://bioviztest3.bioviz.org/quickload/redirect-example . This new location contains Apache configuration files that will trigger it to request a user name and a password from the client. The only user name and password combination that it will accept are: "guest2" and "guest2". The other user name and password combination won't work.
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                Added new password-protected quickloads to aloraine fork https://bitbucket.org/aloraine/bioviz branch IGBF-3204.
                Will submit PR to bioviz and merge.

                Show
                ann.loraine Ann Loraine added a comment - Added new password-protected quickloads to aloraine fork https://bitbucket.org/aloraine/bioviz branch IGBF-3204 . Will submit PR to bioviz and merge.

                  People

                  • Assignee:
                    ann.loraine Ann Loraine
                    Reporter:
                    nfreese Nowlan Freese
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: