SpreadUbuntu 403 on login

Asked by Evan Boldt on 2011-03-01

People can no longer log into spreadubuntu through either the spreadubuntu.org or older spreadubuntu.neomenlo.org domains. I'm wondering if the protocol changed or if we just need to re-validate our trust roots.

If the protocol changed, what should we upgrade our drupal 6.x module to?
We were using https://code.launchpad.net/~canonical-isd-hackers/drupal-launchpad/6.x-trunk but taht hasn't been updated lately.

Question information

English Edit question
Canonical SSO provider Edit question
No assignee Edit question
Solved by:
Evan Boldt
Last query:
Last reply:
David Owen (dsowen) said : #1


Thanks for your question. I see the 403 page you mention when I try to login with the little LP button (but I may also not have the right team membership or whatever anyway). But I also notice that I get a 403 when navigating to the registration page. I don't know if this is at all related.

As far as I can tell, SSO seems to be doing the right stuff. Can you find the reason why a 403 is being returned? Is it because of a blanket-protection of the URL in an Apache front-end? The SSO response seems invalid? The repsonse is valid but the membership is wrong? Etc.

Evan Boldt (echowarp) said : #2

It turns out that my host reverted some whitelisted mod_sec rules. I had already had them whitelist it once before, so it didn't occur to me until you suggested that.

Thanks. Sorry for jumping the gun and blaming you guys.