numerous HTTP OPTIONS method requests in Jetty log
Cantor, Scott
cantor.2 at osu.edu
Fri Apr 5 09:40:23 EDT 2019
On 4/5/19, 8:11 AM, "users on behalf of Losen, Stephen C (scl)" <users-bounces at shibboleth.net on behalf of scl at virginia.edu> wrote:
> The SAML requests in this loop come from the same SP and other clients show successful logins to this SP, so I don't
> think the SP has a problem. I see looping for other SPs. Looks like a browser issue.
The SP has no control whatsoever, apart from not protecting whatever page is getting hit by these requests.
> This is mostly a curiosity question to help us decide how to configure ASM.
I never noticed them, but I don't think they're actually reaching the IdP though, which I guess makes it somewhat irrelevant. The 403 is from the web.xml security constraint we ship now. Perhaps there's an alternative status that could convince the broken browser (that's a redundancy) to stop.
-- Scott
More information about the users
mailing list