idp login issue connecting to ldap
cantor.2 at osu.edu
Mon Aug 3 22:35:18 EDT 2015
On 8/3/15, 10:21 PM, "users on behalf of Michael A Grady" <users-bounces at shibboleth.net on behalf of mgrady at unicon.net> wrote:
>May not be the same issue, but in trying Jetty 9.3 last week, we couldn't seem to get the cookie handling to work right with JSESSIONID. At first, it wasn't being written out at all with the login page, so the IdP had no context to link the returned login page to, and just presented the login page again. We got jsessionid to get written out with the login page, but then Jetty wasn't returning it thru to the IdP on the way back in, at least not as the IdP expected it. So, again, the login page just kept being presented with no errors in the log. We then gave up, and went back to 9.2. Figured we'd just messed up jetty-base somehow, didn't yet have time to dig into it more.
I'm not having any problem with JSESSIONID per se, but I am completely unable to get 9.3 to actually read a POST of any kind. I'm testing with a lone JSP page in a separate context from the IdP and just dumping out request parameters and they're null, always. That's what it appears to be doing in the login form. There really wouldn't be any POST involved until that point, so all kinds of complex stuff is running fine up until that point and then it breaks.
When I played with 9.3 I was just working on fixing the keystore problems people had, so when that worked, I stopped. It really didn't occur to me that POST wouldn't work.
My first impression was that this must be some bug in our filters, of which we have several, but all of them are response-side only filters and I just ruled them all out by testing with a simple JSP page, no Spring, nothing.
I'll need to rule out TLS now, turn the IdP context off, etc. and just keep digging, but this is pretty bizarre.
Obviously 9.3 is in fact unusable at the moment.