saml2 idp session was not set on the first saml request

Cantor, Scott cantor.2 at
Wed Apr 23 17:33:23 EDT 2014

On 4/23/14, 4:46 PM, "XiaoXia Dong" <x-dong at> wrote:
>Hello shibboleth experts,
>I have  a strange problem with one of our app. After tracing the saml and
>http header, I could see that my instance is not working for first time
>user access because saml request does not set the _idp_session.

There is no idp_session cookie until after the first login, always. It has
nothing to do with the response to any given SP, it's how SSO is handled
afterward for the second request.

The cookie that tracks request state for any given transaction is the
login context cookie, which has a name that's not in my head at the
moment, but is fairly self-evident when seen.

-- Scott

More information about the users mailing list