IDP v3 Double Login

McKean, Brandon Scott - mckeanbs mckeanbs at jmu.edu
Tue Aug 4 11:08:20 EDT 2015 

I had a follow up on this one. It looks like a few years ago, someone from this SP posted on this mailing list, indicating they are using Shibboleth SP or at least did at some point.

Is there any particular setting(s) in that where double logins might be caused from clients going from IDP v2 to v3?

Thanks for any information you can provide on this.


-- Brandon McKean IT / Systems Linux Administrator (540)568-4235

On Mon, 2015-07-27 at 15:47 +0000, McKean, Brandon Scott - mckeanbs wrote:
Assuming it's a full round trip twice, then I think the SP has to be causing that through its own behavior.

Ok, thanks for the info. In that case I'll see if I can get in contact with them. They're the only SP that has this issue so I'm inclined to agree with you there.

Well, afterward, yes.

I think I understand now, I was misinterpreting the log at that point rather than looking further up. It looks like the IDP didn't error out anywhere during that first part of the process.

Thanks,

Brandon

On Mon, 2015-07-27 at 15:15 +0000, Cantor, Scott wrote:

On 7/27/15, 11:07 AM, "users on behalf of McKean, Brandon Scott - mckeanbs" <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> on behalf of mckeanbs at jmu.edu<mailto:mckeanbs at jmu.edu>> wrote:



We had an issue reported to us today regarding one of the SPs. Namely, when you go to login, it makes you do so twice. That is, when you've logged in, it returns to the IDP login page as if you hadn't logged in at all, and only after logging into the second one does it go back to the SP and continue on.



Assuming it's a full round trip twice, then I think the SP has to be causing that through its own behavior.



Accordingly I've tried studying the idp-process.log results from doing each login. The one thing I can note is that the first, failed one, mentions that no session was found for the client. I find this baffling because in the same log, there is mention of it creating a session.



Well, afterward, yes.

-- Scott



--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150804/23940724/attachment.html>

More information about the users mailing list