Shibboleth Service Provider in Federation with OpenAM Policy Agent results in Single Sign On Bug

David Purdy daveprdy at gmail.com
Fri Oct 12 16:39:22 EDT 2012


Hello,
I have encountered a problem when testing Single Sign On between an
application hosted on Apache HTTPD which is protected by a Shibboleth
Service Provider and an application hosted on Tomcat which is protected by
an OpenAM Policy Agent.
Single Sign On works fine if I browse to the Shibboleth application first
followed by browsing to the Policy Agent application and then logging into
either application. Single logout functionality is working correctly in all
cases.

The problem occurs when following these specific actions:

1: Browse to the application protected by the Policy Agent (but don't log
in).

2: Browse to the application protected by Shibboleth (but don't log in).

3: Log into the application protected by the Policy Agent.

After completing step 3 above,  when you click "Login", the URL changes to
http://openam-url:8080/openam/UI/Login. Then when you click "Login" again,
the users OpenAM profile is displayed instead of the desired application.

Any insight anyone could give to the cause of this problem would be greatly
appreciated.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121012/8bbf0603/attachment.html 


More information about the users mailing list