IdP SSO not working
Chad La Joie
lajoie at itumi.biz
Thu Feb 23 19:40:21 GMT 2012
Yes, just confirming that Scott's interpretation is correct. I means
it is getting a cookie but finding no session that matches it.
The cookie name is '_idp_session'.
On Thu, Feb 23, 2012 at 14:29, Cantor, Scott <cantor.2 at osu.edu> wrote:
>>
>>Logging is already set to DEBUG for everything under
>>edu.internet2.middleware.shibboleth. I can't see anything logged
>>indicating it is inspecting any cookies. What I am seeing is lots of
>>lines like this (but with different session ID values):
>>
>>06:05:12.955 - DEBUG
>>[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:160] -
>>No session associated with session ID
>>NzQxNmVkZTJkMjkwNGUxNmFmNTM1OTVjZGY3ZmI1ZGU2MTZmMjdjODRmYTUwY2RjY2FmMDIyZj
>>FmMjkwMDVkOQ==
>>- session must have timed out
>
> I think that means it's getting a cookie that doesn't correspond to a
> session in the cache. After the other recent post, I'm led to wonder, how
> is this IdP clustered? If it's behind a load balancer, you have to cluster
> it or deploy changes and plugins to avoid clustering it. And if you don't,
> but have short term stickiness, you get no SSO (and no attribute query
> support).
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
More information about the users
mailing list