intermittent IDP failure
Steven Carmody
steven_carmody at brown.edu
Fri Feb 1 12:54:44 EST 2013
On Feb 1, 2013, at 11:05 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>
>> we currently have a 180 second stickiness at the load balancer. That
>> gets the user thru the initial login. However, some apps (see above)
>> continue to send the user back to the IDP, randomly.
>
> 180 is not enough for many users to get logged in, but sending you back to
> the IdP cold isn't going to cause this error. It physically can't, because
> that step would include the SAML request.
>
> The only way this happens is if the login context is not replicated and
> you switch IdPs in the middle of the login process. Or the back button of
> course.

Here's what I saw, while sitting, chatting, and watching what another person did.

He logged into a shib-protected site successfully.
He logged into a second shib-protected site (this one was cluster based, not sharing the SAML session across machines).
Every few minutes, he would tap the enter key.
About the 6th or 7th tap on the 2nd app, an IDP error page was displayed.... The error in the logs said (we think) that the request didn't contain any QUERY parameters. He was definitely not presented with another login page. And didn't use the BACK button.

>
> -- Scott