Client persistent storage not remembering user
Thomas Colin de Verdière
tdeverdiere at kapit.fr
Wed Mar 7 11:39:00 EST 2018
Hello Scott,
> There is nothing to configure other than a few properties. Whatever's
> wrong is local and isn't even about local storage because it would simply
> use cookies as a fallback.
I note that local storage is working, and that the persistent cookie is also
correctly set, in Firefox. But persistent cookie configuration does not
work either on my computer. I mean the cookie shib_idp_persistent_ss is
correctly stored at the first login attempt and correctly sent at the
second attempt. But the browser redirects to:
https://localhost/idp/profile/SAML2/POST/SSO?execution=e1s1
which displays the login page, instead of logging me in.
On Chrome, when I close the browser and then reopen it, I see the cookie
shib_idp_session, so I remove it, because it is a session cookie (expiring
in 1969-12-31). And it seems to me to be a Chrome bug. And Firefox does not
send this cookie when I close and reopen the browser. Without this cookie
Chrome behaves the same as Firefox: it redirects to the login page.
So I feel that on my computer the shib_idp_persistent_ss is not decrypted,
or is decrypted incorrectly, on the server side.
In fact, as I debugged a bit, I see it is decrypted correctly in
org.opensaml.storage.impl.client.ClientStorageService#load
Thomas
2018-03-06 19:18 GMT+01:00 Cantor, Scott <cantor.2 at osu.edu>:
> > The OS is Windows 10.
> > At first I thought it has nothing to do with the browser but it does not
> > work on Firefox nor on IE 11, but it works on Chrome 64.0.3282.
>
> It works fine for me in all my testing on all the browsers.
>
> > Also shibboleth is on address: https://localhost/ while the sp is on
> > address: https://localhost:8443/.
>
> I test routinely with the Eclipse testbed using localhost, it's never
> mattered. I would generally advise anybody who can't make that work to stop
> using localhost, it simply rules out issues that don't have anything to do
> with us.
>
> > Now, when I debugged more carefully, I see that I was wrong. The
> > shib_idp_persistent_ss is stored in Firefox. And I see the same behaviour
> > as in Chrome.
>
> Even if local storage failed it would back off to cookies, though logout
> wouldn't work in that case. SSO still would.
>
> I just tested IE 11 on a never-before-used install of Windows and it
> worked fine with no adjustments.
>
> > The server logs are different and I am trying to debug inside:
>
> That's far past any point where the session is involved.
>
> > I see in the log that the behaviour is different in
> > SelectAuthenticationFlow. On Firefox the authenticationContext is not the
> > same as in Chrome. In fact it is the profileRequestContext which is
> > different. But it must be filled elsewhere in the code.
>
> That doesn't really resemble any possible state of affairs, none of that
> is browser-dependent.
>
> > Scott, if you could give me some info on where the
> > shib_idp_persistent_ss value is decrypted (or is it a key?).
>
> I can't do that in an email.
>
> > I obviously misconfigured something, but what?
>
> There is nothing to configure other than a few properties. Whatever's
> wrong is local and isn't even about local storage because it would simply
> use cookies as a fallback.
>
> -- Scott