Strange behavior only via Internet Explore

Noriyuki TAKEI ntakei at sios.com
Mon Apr 22 22:36:44 EDT 2019 

Hi,all

I found the strange behavior only when accessing a SP via Internet Explore.

When I go to an specific SP via Internet Explorer, I got the following
error message in idp-warn.log.

--- start ---
2019-04-23 11:22:44,260 - XXX.XXX.XXX.XXX - ERROR
[org.opensaml.profile.action.impl.DecodeMessage:73] - Profile Action
DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: This message
decoder only supports the HTTP GET method
        at
 org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:90)
--- end ---

The following message got displayed in the browser.

--- start ---
Web Login Service - Stale Request

You may be seeing this page because you used the Back button while browsing
a secure web site or application. Alternatively, you may have mistakenly
bookmarked the web login form instead of the actual web site you wanted to
bookmark or used a link created by somebody else who made the same mistake.

Left unchecked, this can cause errors on some browsers or result in you
returning to the web site you tried to leave, so this page is presented
instead.
--- end ---

However,when I go to the same sp again via the same tabs of the same
browser, it worked properly.

When terminating all the browser and accessing the same SP via Internet
Explore,the above-mentioned error occurred again.

I guess the above-mentioned error proceeds in the following sequence from
idp-warn.log, HTTP Header and  apache access logs.

(1) At first, the browser access to an SP.
(2) The SP redirects the browser to
[IDP's FQDN]/idp/profile/SAML2/Redirect/SSO via Get method with SAML
Request attached to query parameter.(However, it seems that the browser
gets this response from cache according to IE's log )
(3) The SP redirects the browser again to
[IDP's FQDN]/idp/profile/SAML2/Redirect/SSO via Post method with SAML
Request attached to query parameter.
(4) the above-mentioned error occurs.

In addition, one SP works properly, but the other SP does not.I don't
understand the difference between two SPs.

Do you have any ideas to solve this problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190423/6f6567e0/attachment.html>

More information about the users mailing list