ECP and session cookies

Wessel, Keith kwessel at
Tue Feb 13 17:33:39 EST 2018

Hi, all,

Is it possible to leverage the single sign-on session properties of browser with the IdP's ECP endpoint? We're caching the shib_idp_session_ss cookie then passing it back to the IdP with a subsequent ECP request in hopes that it would use it instead of looking for REMOTE_USER the second time around. I actually have two ECP endpoints configured in Apache, both of which send the request via mod_proxy to the same /idp/profile/SAML2/SOAP/ECP endpoint in Jetty. The normal ECP endpoint is behind http basic auth, the second has no authentication. Again, hoping that the cookie would serve as authentication.

But the IdP seems to give a SOAP fault when we call the second endpoint URL. I'm assuming that this is because REMOTE_USER isn't set.

So, is there any way to get the ECP flow to honor a session cookie from a previous login?


More information about the users mailing list