docusign failing

[Cantor, Scott]

> But, on the failed attempt it never transfers to RemoteUser.  Instead after it
> transfers to authentication engine it just logs this:
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:1
> 78] - Incoming request contains a login context and indicates there was an
> error authenticating the principal, processing second leg of request

You pretty much have to have cross-tab contamination of some kind. The "second leg" can't happen unless the cookie passed in links it to an object in the session that already has an error poked in telling it that it tried to log the user in and didn't get a result. You simply can't get it any other way. It is physically not possible for it to start from scratch in a fresh browser and reach that state.

-- Scott