IDP v3 Double Login
McKean, Brandon Scott - mckeanbs
mckeanbs at jmu.edu
Tue Aug 4 13:29:59 EDT 2015
There should be two audit log entries for these requests, and two web access log records for a GET to the Shibboleth/SSO endpoint with the appropriate parameters.
Looking in the audit log, that does appear to be the case.
In which case, there's no way for the IdP to do anything about it unless the SP operator can explain why it's not happy with the first response.
That makes sense, but that would make me wonder why IDPv2 had worked with it in this scenario, without any special configuration that I'm aware of.
Thanks,
Brandon McKean
On Tue, 2015-08-04 at 17:13 +0000, Cantor, Scott wrote:
On 8/4/15, 1:08 PM, "users on behalf of McKean, Brandon Scott - mckeanbs" <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> on behalf of mckeanbs at jmu.edu<mailto:mckeanbs at jmu.edu>> wrote:
I'm not entirely sure how to tell that. But if it's where you would see "InitializeAuthenticationContext" in the logs on such a request, then yes, there are 2 requests, behavior that I don't see in the log when I try another SP.
There should be two audit log entries for these requests, and two web access log records for a GET to the Shibboleth/SSO endpoint with the appropriate parameters.
In which case, there's no way for the IdP to do anything about it unless the SP operator can explain why it's not happy with the first response.
-- Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150804/56f9919d/attachment.html>
More information about the users
mailing list