Upgrade to IDP 2.4.0 - Can not login

Yusuf Tran Yusuf.Tran at kaplan.com
Fri Oct 18 05:38:33 EDT 2013

Thanks Scott, regarding the vhost though that all remains untouched, I'm going to comb through the files again, it may have something to do with memcache and load balancing, thanks for your help though


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: 17 October 2013 19:18
To: Shib Users
Subject: Re: Upgrade to IDP 2.4.0 - Can not login

On 10/17/13 1:41 PM, "Yusuf Tran" <Yusuf.Tran at kaplan.com> wrote:

>To confirm, I can test both versions side by side using the same 
>browser and tools, I clear session and domain cookies each time.

Then you need to trace the traffic and track the session cookie and see why it's not making it into the IdP or not being honored.

>All I do is amend my hosts file to point to the relevant IDP to test, 
>so can confirm things work fine with IDP v 2.3.8, but if I change my 
>hosts file with the upgraded IDP and check again than I get the error 
>mentioned (after loggin in).
>I'm actually testing by taking one of two nodes out of a load balanced 

I would bet money you have a vhost mismatch of some kind causing one of the flows to be broken.

>Over the last few days I've diff'ed the setup folders and caught all 
>changes and customisations, really it's just the SLO entries, updated 
>packages, updated relying-party etc, meticulous care was taken to get 
>the setup files ready!

There really isn't anything in the configuration, it's cookie handling.

>This new cookie feature, is there a way we can make it behave like 
>previous versions?

If it did, you'd get an empty assertion out, of no use. This isn't a feature. It's changing the result of a given error condition. The error would exist either way.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list