IdP not tracking SPs for SSO
David E. Newswanger
David_Newswanger at berea.edu
Wed Jan 13 10:37:14 EST 2016
I just upgraded from IDP 3.1.2 to 3.20 and I'm having some trouble getting SSO to work.
When I go to /idp/profile/Logout, it destroys the session for the IdP, but it doesn't show a list of the services that were accessed or destroy the sessions for any of those services.
I've added idp.session.trackSPSessions = true to idp.properties, as the wiki article instructs.
This is what I'm getting in the log when someone tries to login and then logout:
2016-01-13 09:52:23,456 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:139] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'newswangerd' succeeded
2016-01-13 09:52:23,469 - INFO [net.shibboleth.idp.session.impl.StorageBackedIdPSessionSerializer:135] - Unable to serialize SP session due to to storage service limitations
2016-01-13 09:52:23,470 - INFO [net.shibboleth.idp.session.impl.StorageBackedIdPSessionSerializer:135] - Unable to serialize SP session due to to storage service limitations
2016-01-13 09:52:23,926 - INFO [net.shibboleth.idp.session.impl.StorageBackedIdPSession:387] - Unable to add SP session due to to storage service limitations
2016-01-13 09:52:29,774 - ERROR [net.shibboleth.idp.profile:-2] - Uncaught runtime exception
2016-01-13 09:52:29,775 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: RuntimeException
I suspect the issue might have something to do with not being able to serialize the SP session, but I'm not entirely sure how I would fix that. Thoughts? Do I need to configure the IdP to use a database to track SP sessions?
Thanks,
David Newswanger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160113/e77c18ae/attachment.html>
More information about the users
mailing list