nathan
Executive
13 years ago

User IP in SSO API call

We are currently trying to resolve the 'IP Comparison Failed' error when administrators log in via SSO. We use the Java SSO API.

We have spoken to Lithium support about it, and this was the response:

"As you can see from the cookie, you're sending us 127.0.0.1 in the cookie so this is why it's failing for you everywhere. Can you please review your implementation and ensure that you're passing us the IP of the person that requested the cookie in the cookie?"

My question for anyone that knows - what API parameter must we set to be the user's IP address? We can't see any parameters on the SSO API that correspond to it.

TIA

  • AdamN
    Khoros Oracle

    Hi Nathan,

    There are a few different ways to go about this:

    1. There is a writeLithiumCookie method that accepts an HttpServletRequest as a parameter. If you use this method, the IP address is pulled from the request object passed in.
    2. Similarly for the getLithiumCookie method if you're setting the cookie manually.
    3. There is a getLithiumCookieValue method that allows you to pass in the IP address directly as a String via the reqRemoteAddr parameter.

    Regards,

    Adam

    • nathan
      Executive

      Thanks Adam - I had to raise this issue with support in the end as I needed a response.

      We solved it by specifying the user's IP address as the reqRemoteAddr in the settings hashmap (option 3).

      Otherwise, it was picking up the IP address as 127.0.0.1 - possibly because of the network configuration.

      Although there is some information about the additional settings in the SSO documentation, it doesn't really explain how the API determines the IP address for the user or the significance of that in terms of the security checks that the Lithium community site performs. I get the impression that quite a few other people have had difficulties with this issue, so it might be worth making it a bit clearer.
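
Added example, not part of the original thread and not Lithium's own code: one way to work out the address to pass as reqRemoteAddr when the application sits behind a reverse proxy, which is one common reason a servlet sees 127.0.0.1. Assumptions: the proxy sets X-Forwarded-For, the proxy addresses listed are placeholders, and the class, method names and the Map<String, String> settings type are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class SsoClientIp {
    // Assumption: addresses of the reverse proxies in front of this application.
    static final Set<String> TRUSTED_PROXIES = Set.of("127.0.0.1", "10.0.0.5");

    // remoteAddr is HttpServletRequest.getRemoteAddr(); xForwardedFor is
    // getHeader("X-Forwarded-For") and may be null.
    static String resolveClientIp(String remoteAddr, String xForwardedFor) {
        // The header is client-controlled unless the direct peer is our own proxy.
        if (xForwardedFor == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xForwardedFor.split(",");
        // Walk right to left: trusted proxies append on the right, so the first
        // hop that is not one of ours is the address our proxy actually saw.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (TRUSTED_PROXIES.contains(hop)) {
                continue;
            }
            // Only accept something shaped like an IPv4/IPv6 literal.
            return hop.matches("[0-9A-Fa-f:.]{2,45}") ? hop : remoteAddr;
        }
        return remoteAddr;
    }

    // Hypothetical helper: builds the settings map with the reqRemoteAddr entry
    // mentioned in the thread; pass it to the SSO client as your version expects.
    static Map<String, String> ssoSettings(String remoteAddr, String xForwardedFor) {
        Map<String, String> settings = new HashMap<>();
        settings.put("reqRemoteAddr", resolveClientIp(remoteAddr, xForwardedFor));
        return settings;
    }

    public static void main(String[] args) {
        // Constructed sample requests: {remoteAddr, X-Forwarded-For}.
        String[][] samples = {
            {"127.0.0.1", "203.0.113.7"},               // via local proxy
            {"127.0.0.1", "198.51.100.9, 203.0.113.7"}, // client-supplied first hop
            {"203.0.113.7", "198.51.100.9"},            // direct peer, header ignored
            {"127.0.0.1", null},                        // proxy sent no header
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " | " + s[1] + " -> " + ssoSettings(s[0], s[1]));
        }
    }
}
```

Taking the leftmost X-Forwarded-For entry, or trusting the header from any peer, would let a client choose the address that goes into the SSO cookie and weaken the IP comparison the community performs.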