Expired session not posting saml after idp redirect
JamesP
jcparsons at gmail.com
Wed Oct 17 01:49:22 EDT 2018
Peter Schober wrote:
> * JamesP <jcparsons@> [2018-10-16 06:06]:
>> Our realm on the IdP does not have an application location/URL set
>> as we are hosting multiple apps on the same Apache proxy host. So
>> the vhost servername that redirects to the IdP is what the IdP uses
>> for the redirect back.
>>
>> Any ideas on why it's not posting back to the
>> /Shibboleth.sso/SAML2/POST?
>
> I don't understand most of what you wrote but did you trace all these
> messages from the resource/SP to the IDP and back in detail,
> e.g. using some browser function or the SAML tracer extension? I.e.,
> are you sure that's what's happening?
>
> If the SP sends a SAML 2.0 authentication request to the IDP and the
> IDP literally replies with a redirect to the SP's resource then the
> IDP would be broken: An IDP only deals with SAML protocol messages, as
> far as any SP is concerned. In reply to an authn request it would only
> send a SAML response to the requested (or defaulted) Assertion
> Consumer Service URL of the SP. It's the SP that would make any final
> redirects to the resource.
>
> What implementation is that SAML IDP?
>
> -peter
IDP is SecureAuth. I'm thinking I might need to switch this to passive
session and have the application force session timeout and re-login as
required.
Web trace shows CORS errors... multiple redirect loops.
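
The trace Peter Schober's reply asks for can be checked offline. The following is an added example, not part of the original thread or of Shibboleth or SecureAuth: it decodes the `SAMLRequest` parameter from the SP's redirect to the IdP (HTTP-Redirect binding) and reports which Assertion Consumer Service URL the request names. The hosts `sp.example.org`, `idp.example.org` and `app.example.org` and the sample request are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# Assumption: placeholder host; the path is the one named in the thread.
EXPECTED_ACS = "https://sp.example.org/Shibboleth.sso/SAML2/POST"

def decode_authn_request(redirect_url):
    """Decode SAMLRequest from a redirect URL copied out of a browser trace."""
    query = parse_qs(urlsplit(redirect_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # HTTP-Redirect binding uses raw DEFLATE
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message refused")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not an AuthnRequest: %s" % root.tag)
    return {
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "binding": root.get("ProtocolBinding"),
        "is_passive": root.get("IsPassive"),
    }

def check_acs(info, expected=EXPECTED_ACS):
    """Classify where a conforming IdP should send the SAML response."""
    if info["acs_url"] is None:
        return "default"  # IdP falls back to the ACS it has configured for the SP
    return "match" if info["acs_url"] == expected else "mismatch"

def build_sample_redirect(acs_url):
    """Constructed sample of the SP's redirect to the IdP (not a real capture)."""
    acs_attr = ' AssertionConsumerServiceURL="%s"' % acs_url if acs_url else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed1" '
           'Version="2.0" IssueInstant="2018-10-16T06:06:00Z"%s/>'
           % (SAMLP, acs_attr)).encode()
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml) + comp.flush()
    return ("https://idp.example.org/sso?SAMLRequest="
            + quote(base64.b64encode(deflated), safe=""))

if __name__ == "__main__":
    for acs in (EXPECTED_ACS, "https://app.example.org/", None):
        info = decode_authn_request(build_sample_redirect(acs))
        print(info["acs_url"], "->", check_acs(info))
```

A "mismatch" or "default" result points at the SP request or the IdP's per-SP configuration; a "match" followed by a redirect to the resource instead of a POST to the ACS points at the IdP.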