numerous HTTP OPTIONS method requests in Jetty log

Cantor, Scott cantor.2 at
Fri Apr 5 09:40:23 EDT 2019

On 4/5/19, 8:11 AM, "users on behalf of Losen, Stephen C (scl)" <users-bounces at on behalf of scl at> wrote:

> The SAML requests in this loop come from the same SP and other clients show successful logins to this SP, so I don't
> think the SP has a problem. I see looping for other SPs. Looks like a browser issue.

The SP has no control whatsoever, apart from not protecting whatever page is getting hit by these requests.

> This is mostly a curiosity question to help us decide how to configure ASM.

I never noticed them, but I don't think they're actually reaching the IdP though, which I guess makes it somewhat irrelevant. The 403 is from the web.xml security constraint we ship now. Perhaps there's an alternative status that could convince the broken browser (that's a redundancy) to stop.

-- Scott

More information about the users mailing list