Return trip from IdP after AuthN redirects to incorrect path
Ian Walsh
ianwalsh at uw.edu
Wed Aug 8 15:32:54 EDT 2018
Greetings folks,
One of the teams which runs Shibboleth SP here on Linux (currently 2.6.1,
they'll be upgrading soon) has run into a frustrating and difficult to
diagnose issue.
Intermittently, when navigating to a Shibboleth SP protected resource, the
user is redirected to the IdP for authentication but on the return trip
they end up at the base URL or a shortened URL path of the application
instead of the correct URL path.
An example:
User navigates to:
https://depts.washington.edu/x/y/z
go to the IdP. auth, and then is redirected to
https://depts.washington.edu/y/z
or sometimes just to https://depts.washington.edu.
According to that team the shibd logs don't show any kind of smoking gun.
Once this begins to occur it appears to continue until action is taken.
They have been restarting shibd to mitigate, which appears to work until it
occurs again, but that's not a sustainable solution.
Any thoughts are appreciated.
Ian Walsh
Identity & Access Management Specialist
UW Information Technology
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180808/bc4932e7/attachment.html>
More information about the users
mailing list