Bug 6336 – Error in request lifetime logging lacking

Bug 6336 - Error in request lifetime logging lacking

Summary:

Error in request lifetime logging lacking

Status:	CLOSED FIXED

Product:	GridShib
Component:	GridShib-CA
Version:	0.5
Platform:	All All

Importance:	P3 minor
Target Milestone:	---
Assigned To:	Von Welch

URL:
Keywords:

Depends on:
Blocks:	5823
	Show dependency tree / graph

Reported:	2008-08-22 10:19 by Von Welch
Modified:	2009-08-26 22:07 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Von Welch 2008-08-22 10:19:56

Here's the full logs from a user requesting a credential with a illegal
lifetime value. Some extra detail (e.g. user id) could help with debugging.

Aug 18 08:41:20 computer GridShib-CA-test (create-jnlp)[29188]: Requested
lifetime: 720000
Aug 18 08:41:20 computer GridShib-CA-test (create-jnlp)[29188]: ERROR:
Requested lifetime (720000) greater than allowed (604800).

------- Comment #1 From Von Welch 2009-08-17 21:58:12 -------

If syslog records everything at the 'info' level, more detail is available,
i.e.:

Aug 17 21:51:29 computer GridShib-CA-test (generateCred.cgi)[13763]:
CONNECTION:vwelch@illinois.edu:98.222.63.70:"urn:mace:incommon:uiuc.edu" 
Aug 17 21:51:29 computer GridShib-CA-test (generateCred.cgi)[13763]: Loading
established session from id: ea4f4c28b0bd14c08e2b8b6241d73d32 
Aug 17 21:51:29 computer GridShib-CA-test (generateCred.cgi)[13763]: Session
ea4f4c28b0bd14c08e2b8b6241d73d32 re-established. 
Aug 17 21:51:29 computer GridShib-CA-test (generateCred.cgi)[13763]: Destroying
session: ea4f4c28b0bd14c08e2b8b6241d73d32 
Aug 17 21:51:29 computer GridShib-CA-test (generateCred.cgi)[13763]: Requesting
lifetime of 720000 
Aug 17 21:51:29 computer GridShib-CA-test (generateCred.cgi)[13763]: ERROR:
Error with requested lifetime: Requested lifetime (720000) greater than maximum
allowed (604800)

------- Comment #2 From Von Welch 2009-08-17 22:15:01 -------

generateCred.cgi now puts REMOTE_USER, remote IP address and IDP id in all
error messages.

Aug 17 22:13:20 computer GridShib-CA-test (generateCred.cgi)[14463]:
ERROR:vwelch@illinois.edu:98.222.63.70:urn:mace:incommon:uiuc.edu: Error with
requested lifetime: Requested lifetime (720000) greater than maximum allowed
(604800) 

Note that these parameters are not delimited well, but there really is no good
delimiter, since almost any character may appear in any of these values.

------- Comment #3 From Von Welch 2009-08-26 22:07:57 -------

In 1.0.0 release.