Return trip from IdP after AuthN redirects to incorrect path

mat houser mhouser at
Wed Aug 8 15:41:05 EDT 2018

One of our developers was reporting a similar thing, and he said that it
looked like whatever they were using for load balancing was doing
something to strip the target URL. 

I'm not exactly sure what he wound up doing to fix it, but he says it's
working now, so if you're using a load balancer that might be something
to check into.


mhouser at

On Wed, 8 Aug 2018, Ian Walsh wrote:

Greetings folks,

One of the teams which runs Shibboleth SP here on Linux (currently 2.6.1,
they'll be upgrading soon) has run into a frustrating and difficult to
diagnose issue.

Intermittently, when navigating to a Shibboleth SP protected resource, the
user is redirected to the IdP for authentication but on the return trip
they end up at the base URL or a shortened URL path of the application
instead of the correct URL path.

An example:

User navigates to:

go to the IdP. auth, and then is redirected to

or sometimes just to

According to that team the shibd logs don't show any kind of smoking gun.
Once this begins to occur it appears to continue until action is taken.
They have been restarting shibd to mitigate, which appears to work until it
occurs again, but that's not a sustainable solution.

Any thoughts are appreciated.

Ian Walsh
Identity & Access Management Specialist
UW Information Technology

More information about the users mailing list