Bug #233

closed

Receiving "Bad Request, Return-To-Websession yielded a non-redirect response." whenever trying to use the browser plugins

Added by Jens Erat over 11 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 05/17/2013
Due date:
% Done: 0%
Estimated time:
Build Version:

Description

Each time trying to log in to some webservices using the Chrome and Safari plugins, I'm receiving this error message:

Bad Request

Return-To-Websession yielded a non-redirect response.

The URL in the browser is

http://localhost:24727/eID-Client?activationObject=%3Cobject%20type%3D%22application%2Fvnd.ecard-client%22%20width%3D%220%22%20heigh%3D%220%22%20border%3D%220%22%3E%0A%3Cparam%20name%3D%22ServerAddress%22%20

(cut for possible security/privacy issues).

How to reproduce:

1. Go to webservice, start authentication
2. Click through dialogs
3. Enter PIN
4. Open eCard sends you back to the website
5. Error message is shown in browser

I was trying the following services:

- MeineSchufa
- Rentenversicherung

I was able to use the Demo from the website, but as far as I know this isn't using the browser plugin.

I couldn't get any further related logs, neither in the system log nor by starting the jar on the command line. Is there any way to enable some kind of debug mode?

Actions #1

Updated by Tobias Wich over 11 years ago

The problem is that the eID Servers of these sites do not return redirects as in the current specification TR-03112-7. I am not sure whether this is a correct behavior according to old versions of the spec. Nevertheless in my opinion, a currently conforming client MUST not allow such behaviour.

The solution to this problem would be to deactivate the checks that the redirect ends at the certificate's owners site.
The code producing the error can be seen in the following link.
https://github.com/ecsec/open-ecard/blob/1.0.2/control-interface/control-modules/tctoken/src/main/java/org/openecard/control/module/tctoken/GenericTCTokenHandler.java#L425

This is a very severe problem as it probably concerns all live eID setups. Strangely I did not observe such a behaviour with the test services.
How should we handle this?

BTW: Logging configuration is explained in the User_Guide.
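The check discussed in the comment above, sketched as an added example (not the project's GenericTCTokenHandler code): the client follows the refresh address and only hands the browser an address on the certificate subject's origin, rejecting any non-redirect answer. The class name, host names, the accepted status codes (302/303/307), the scheme/host/port origin comparison and the hop limit are assumptions made for this illustration.

```java
import java.net.URI;
import java.util.Map;

public class RedirectChainCheck {
    // Constructed response: HTTP status and Location header (null when absent).
    record Response(int status, String location) {}

    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    static boolean sameOrigin(URI a, URI b) {
        return a.getHost() != null && a.getScheme().equalsIgnoreCase(b.getScheme())
                && a.getHost().equalsIgnoreCase(b.getHost()) && port(a) == port(b);
    }

    // Follows redirects from the refresh address until one points at the
    // origin of the certificate subject; every other outcome is rejected.
    static String resolve(Map<String, Response> server, String refreshAddress, String subjectUrl) {
        URI subject = URI.create(subjectUrl);
        URI current = URI.create(refreshAddress);
        for (int hop = 0; hop < 10; hop++) { // assumed hop limit
            Response r = server.get(current.toString());
            boolean redirect = r != null
                    && (r.status() == 302 || r.status() == 303 || r.status() == 307);
            if (!redirect || r.location() == null) {
                throw new IllegalStateException("non-redirect response from " + current);
            }
            URI next = current.resolve(r.location());
            if (sameOrigin(next, subject)) {
                return next.toString(); // only this address is handed to the browser
            }
            current = next;
        }
        throw new IllegalStateException("redirect chain never reached " + subjectUrl);
    }

    public static void main(String[] args) {
        String subject = "https://service.example"; // constructed subject URL
        String refresh = "https://eid.example/refresh?s=1"; // constructed refresh address
        Map<String, Response> conforming =
                Map.of(refresh, new Response(302, "https://service.example/done?s=1"));
        Map<String, Response> nonConforming = Map.of(refresh, new Response(200, null));
        System.out.println("accepted: " + resolve(conforming, refresh, subject));
        try {
            resolve(nonConforming, refresh, subject);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The second, constructed server answers the refresh address with a 200 instead of a redirect, which is the case that produces the "non-redirect response" error in this report.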

Actions #2

Updated by Tobias Wich over 11 years ago

  • Target version set to 1.0.3
Actions #3

Updated by Tobias Wich over 11 years ago

  • Status changed from New to Review
  • Assignee set to Tobias Wich
  • Reviewer set to Detlef Hühnlein
Actions #4

Updated by Tobias Wich over 11 years ago

  • Status changed from Review to Closed