Micro Focus Filr
After upgrading from Filr 3.4.7 to Filr 126.96.36.199 users are unable to login through the web UI with the following message:
Filr requires that you use the domain name to log in
There are two Resolution methods to choose from:
- Disable the HTTPOnly flag
- Disable the HTTPOnly flag on the proxy/firewall which the clients are configured to configured to communicate through to get to the Filr server. The HTTPOnly setting adds the HTTPOnly attribute to the cookie.
- This was first seen with the NGINX Reverse Proxy, but could occur with any reverse proxy that supports the HTTPOnly setting. See the NGINX documentation for this setting.
- Check if DNS server name contains public suffix.
- See Public Suffix List for more information.
The message that Filr requires that you use the domain name to log in is not relevant to the cause of this problem.
There are two possible causes to this problem:
- By having HTTPOnly enabled on the firewall or proxy, client-side scripts are prevented from accessing cookies on the Filr server. Filr requires this data to be accessible to the web client.
- Filr web interface is using authentication token which is stored as browser cookie for -1 domain level.
- For example, if server DNS name is 'filr.public.domain' then Filr will try to set cookie for 'public.domain'.
- In case 'public.domain' is listed as a public suffix browser will drop it. As a result the authentication will fail.
The usage of -1 domain level allows Filr to use seamless authentication for requests to Content Editor which must be deployed in the same domain.