Looping requests when ApplicationOverride used

tullrich72 timo.ullrich at bluewin.ch
Wed Mar 29 11:22:07 EDT 2017


Hi all,
the basic idea was to use different MetaData based on incoming query
parameters. While all works fine for the ApplicationDefaults configuration,
I end up in a loop when the ApplicationOverride configuration is used. For
simplification the override configuration is currently fully inheriting from
defaults config (Sessions element has been redefined).
The loop starts after IdP-based authentication has completed successfully:
on coming back to the original target, even though session cookies are set,
it still re-enters the IdP invocation.

Configurations as follows:

    <RequestMapper type="Native">
        <RequestMap applicationId="default">
            <Host name="my.something.com">
                <Path name="secure" authType="shibboleth" requireSession="true">
                    <Query name="idp-hrd" regex="^internalAuth" applicationId="internalAuth"/>
                </Path>
            </Host>
        </RequestMap>
    </RequestMapper>

<ApplicationDefaults entityID="https://my.something.com/shibboleth">
    <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">

        <SSO entityID="http://POC.another.net/trust">
            SAML2 SAML1
        </SSO>
        <Logout>SAML2 Local</Logout>        
    </Sessions>
    
....
    
    <ApplicationOverride id="internalAuth">
        <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false"/>
    </ApplicationOverride>
</ApplicationDefaults>

I don’t see any reason why looping starts with the URL
"https://my.something.com/secure/secret.html?idp-hrd=internalAuth", while it
is absolutely fine with "https://my.something.com/secure/secret.html".

Thanks in advance,
Timo


