SP 2.4.2 Sessions destroyed in less than a second when using Novell Access Manager 3.1

Tue Oct 25 18:57:39 BST 2011

We have Shibboleth SP 2.3.1 and 2.4.2

The IDP is Novell Access Manager 3.1 and it does not provide the SessionNotOnOrAfter attribute.

In 2.3.1 this does not affect the SP Session as it uses the values in the Session lifetime setting.

In 2.4.2 we are seeing that the Shib Session is created and destroyed within 1 second.

Is this a bug in 2.4.2 or is there a new configuration item required ? i have looked but could not find it.

<Sessions lifetime="14400" timeout="3600" checkAddress="false" handlerURL="/myapp/Shibboleth.sso" cookieName="myappCookie" handlerSSL="false">

I would expect the session life to 14400 but the session is destroyed immediately as can be seen below.

2011-10-18 22:20:18 INFO Shibboleth-TRANSACTION [1]: New session (ID: _79576046e3d9268c5c854d26fba424e7) with (applicationId: clientprod) for principal from (IdP: https://idp.clientglobal.net/nidp/saml2/metadata) at (ClientAddress: SOME_EXTERNAL_IP) with (NameIdentifier: sIthEHYHHEvanOm/wpjitMCV4bTMn+q0VSBhDw==) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: idJczau1TI2eAcnz3v-Sxy-g7GiNY)
 2011-10-18 22:20:18 INFO Shibboleth-TRANSACTION [1]: Cached the following attributes with session (ID: _79576046e3d9268c5c854d26fba424e7) for (applicationId: clientprod) {
 2011-10-18 22:20:18 INFO Shibboleth-TRANSACTION [1]: employeeID (1 values)
2011-10-18 22:20:18 INFO Shibboleth-TRANSACTION [1]: }
2011-10-18 22:20:19 INFO Shibboleth-TRANSACTION [1]: Destroyed session (applicationId: clientprod) (ID: _79576046e3d9268c5c854d26fba424e7)
 2011-10-18 22:20:20 INFO Shibboleth-TRANSACTION [1]: New session (ID: _eebfeeff2c73764dabd45cc649a3b7f7) with (applicationId: clientprod) for principal from (IdP: https://idp.clientglobal.net/nidp/saml2/metadata) at (ClientAddress: SOME_EXTERNAL_IP) with (NameIdentifier: sIthEHYHHEvanOm/wpjitMCV4bTMn+q0VSBhDw==) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: idG6RcfYIO4xTXRdWQB4gbwkFwSoE)
 2011-10-18 22:20:20 INFO Shibboleth-TRANSACTION [1]: Cached the following attributes with session (ID: _eebfeeff2c73764dabd45cc649a3b7f7) for (applicationId: clientprod) {
 2011-10-18 22:20:20 INFO Shibboleth-TRANSACTION [1]: employeeID (1 values)
2011-10-18 22:20:20 INFO Shibboleth-TRANSACTION [1]: }
2011-10-18 22:20:21 INFO Shibboleth-TRANSACTION [1]: Destroyed session (applicationId: clientprod) (ID: _eebfeeff2c73764dabd45cc649a3b7f7)
 2011-10-18 22:31:53 INFO Shibboleth-TRANSACTION [3]: New session (ID: _2f43f7ae3f51d35e1d0c7c9a5ad197d4) with (applicationId: clientprod) for principal from (IdP: https://idp.clientglobal.net/nidp/saml2/metadata) at (ClientAddress: SOME_EXTERNAL_IP) with (NameIdentifier: sIthEHYHHEvanOm/wpjitMCV4bTMn+q0VSBhDw==) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: idY.XyOJ3ZaGdIgclzQ0RoaY-91DY)
 2011-10-18 22:31:53 INFO Shibboleth-TRANSACTION [3]: Cached the following attributes with session (ID: _2f43f7ae3f51d35e1d0c7c9a5ad197d4) for (applicationId: clientprod) {
 2011-10-18 22:31:53 INFO Shibboleth-TRANSACTION [3]: employeeID (1 values)
2011-10-18 22:31:53 INFO Shibboleth-TRANSACTION [3]: }
2011-10-18 22:31:53 INFO Shibboleth-TRANSACTION [3]: Destroyed session (applicationId: clientprod) (ID: _2f43f7ae3f51d35e1d0c7c9a5ad197d4)

Thanks for any assistance.

Lee Evans

________________________________
NOTICE TO RECIPIENT: THIS E-MAIL (INCLUDING ANY ATTACHMENTS) IS MEANT FOR ONLY THE INTENDED RECIPIENT OF THE TRANSMISSION, MAY CONTAIN CONFIDENTIAL INFORMATION, AND IS PROTECTED BY LAW. IF YOU RECEIVED THIS E-MAIL IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER OF THE ERROR BY RETURN E-MAIL, DELETE THIS COMMUNICATION AND SHRED ANY ATTACHMENTS. UNAUTHORIZED REVIEW, USE, DISSEMINATION, DISTRIBUTION, COPYING OR TAKING OF ANY ACTION BASED ON THIS COMMUNICATION IS STRICTLY PROHIBITED.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20111025/8361e9d8/attachment-0001.html 