SP looping next step?

Cantor, Scott cantor.2 at osu.edu
Tue Nov 11 20:41:35 EST 2014

On 11/12/14, 1:23 AM, "David Bantz" <dabantz at alaska.edu> wrote:

>Well, er…, yes, it’s /Shibboleth.sso/Login target;  we’re not 
>understanding why that’s incorrect or what it should be instead because 
>that is the WP plugin default apparently and also what UA-Madison and 
>Cambridge documentation indicate:

I don't know anything about WordPress, but any time you redirect to a 
Shibboleth session initiator, you either get an error, end up at a 
discovery page, or send a login request to an IdP. It is not a "resource" 
to protect, and you cannot end up there after a SAML response is handled, 
because that's just a loop. A protected resource has to be something else.

There has to be *something* in between in your trace. Presumably you're 
missing it, and it's something in WordPress that's doing the eventual 
redirect back to the session initiator. If not, you just have a totally 
broken configuration of whatever application is involved.

-- Scott

More information about the users mailing list