IDP v3 Double Login
Cantor, Scott
cantor.2 at osu.edu
Fri Aug 14 10:40:48 EDT 2015
On 8/14/15, 10:33 AM, "users on behalf of McKean, Brandon Scott - mckeanbs" <users-bounces at shibboleth.net on behalf of mckeanbs at jmu.edu> wrote:
>As far as I'm aware, it had been like that for a while with Shibboleth 2 in use. Switching to Shibboleth 3 on our end, as far as we can tell, made it start producing double login issues.
It is conceivably possible if that SP were using a relayState that was sending the full URL to the IdP (since that would be subject to potential manipulation by the IdP if we had a bug) but they're not (your pasted link left the underlying URL intact, so I was able to click it), it's using in-memory relay state so the URL never leaves the SP. So, no, there's absolutely no way that's possible.
>I'm not sure what else may have changed on their end, but that's all they said they had changed. They suspect it's a new change in Shibboleth 3, but I find myself doubtful on that front.
Can't be. Not that alone anyway.
-- Scott
More information about the users
mailing list