Return trip from IdP after AuthN redirects to incorrect path
mat houser
mhouser at uwm.edu
Wed Aug 8 15:41:05 EDT 2018
One of our developers was reporting a similar thing, and he said that it
looked like whatever they were using for load balancing was doing
something to strip the target URL.
I'm not exactly sure what he wound up doing to fix it, but he says it's
working now, so if you're using a load balancer that might be something
to check into.
-mat
--
-------------
mat:houser
mhouser at uwm.edu
uwm:uits:iam-support
-------------
On Wed, 8 Aug 2018, Ian Walsh wrote:
Greetings folks,
One of the teams which runs Shibboleth SP here on Linux (currently 2.6.1,
they'll be upgrading soon) has run into a frustrating and difficult to
diagnose issue.
Intermittently, when navigating to a Shibboleth SP protected resource, the
user is redirected to the IdP for authentication but on the return trip
they end up at the base URL or a shortened URL path of the application
instead of the correct URL path.
An example:
User navigates to:
https://depts.washington.edu/x/y/z
go to the IdP. auth, and then is redirected to
https://depts.washington.edu/y/z
or sometimes just to https://depts.washington.edu.
According to that team the shibd logs don't show any kind of smoking gun.
Once this begins to occur it appears to continue until action is taken.
They have been restarting shibd to mitigate, which appears to work until it
occurs again, but that's not a sustainable solution.
Any thoughts are appreciated.
Ian Walsh
Identity & Access Management Specialist
UW Information Technology
More information about the users
mailing list