SP looping next step?
cantor.2 at osu.edu
Tue Nov 11 20:41:35 EST 2014
On 11/12/14, 1:23 AM, "David Bantz" <dabantz at alaska.edu> wrote:
>Well, er…, yes, it’s /Shibboleth.sso/Login target; we’re not
>understanding why that’s incorrect or what it should be instead because
>that is the WP plugin default apparently and also what UA-Madison and
>Cambridge documentation indicate:
I don't know anything about WordPress, but any time you redirect to a
Shibboleth session initiator, you either get an error, end up at a
discovery page, or send a login request to an IdP. It is not a "resource"
to protect, and you cannot end up there after a SAML response is handled,
because that's just a loop. A protected resource has to be something else.
There has to be *something* in between in your trace. Presumably you're
missing it, and it's something in WordPress that's doing the eventual
redirect back to the session initiator. If not, you just have a totally
broken configuration of whatever application is involved.
More information about the users