multiple sp hosts behind a firewall/proxy etc

Musil, William wmusil at
Sun May 24 18:49:45 EDT 2015

RelayState set to "cookie", worse - mad looping.

GET, POST, GET, POST and on and on.

Reading through the diagnosis possibilities. 

Maybe ss:mem is not so bad after all :-D

I have also set cookieProps = "http" as I am not using SSL for this proof of concept. It didn’t help.

William T. Musil
Manager, Technical Services

LABVANTAGE Solutions, Inc.
265 Davidson Avenue, Suite 220
Somerset, NJ 08873-4120 USA

Phone: 908-333-0111
Mobile: 908-531-0835
Fax: 732-560-0121
Email: wmusil at
Skype: bmusil.lvs

-----Original Message-----
From: Cantor, Scott [mailto:cantor.2 at] 
Sent: Sunday, May 24, 2015 5:35 PM
To: Musil, William; Shib Users
Subject: Re: multiple sp hosts behind a firewall/proxy etc

On 5/24/15, 5:27 PM, "Musil, William" <wmusil at> wrote:
>Now that I am using the proxy config as suggested, the redirect after success just sends me back to the root of the site, dropping the context. I am protecting /CR/rc/login. Instead of redirecting me to the http://proxy/CR/rc/login after talking to the idp, it sends me to http://proxy.

The default relay state mechanism is in-memory, so if you're switching systems mid-stream, it's not going to work. Change it to use a cookie and you can make that work even if the relay state is set on a different SP instance from the one that handles the response.

-- Scott

More information about the users mailing list