Errors seen in shibd.log 'replay detected of message ID'

arrk_shoba shoba.menon at arrkgroup.com
Wed May 8 07:50:06 EDT 2019


Hi,

We are a multi-tenant application allowing login via multiple IDPs. Most of
those are Shibboleth IDPs and some are using ADFS. Of late, we see frequent
errors in the shibd.log for ADFS providers:

2019-05-04 12:49:53 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [1] [/SP URL/]: replay detected of message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73)
2019-05-04 12:49:53 WARN Shibboleth.SSO.SAML2 [1] [/SP URL/]: error processing incoming assertion: Rejecting replayed message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73).
2019-05-04 12:49:55 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [3] [/SP URL/]: replay detected of message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73)
2019-05-04 12:49:55 WARN Shibboleth.SSO.SAML2 [3] [/SP URL/]: error processing incoming assertion: Rejecting replayed message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73).

For a few of the requests, we have seen the following errors as well:

2019-05-07 13:42:53 WARN Shibboleth.SSO.SAML2 [2] [/SP URL/]: error processing incoming assertion: SAML response reported an IdP error.

Is there any configuration at the SP side that we must be checking to
address these issues?
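
For triaging errors like those quoted above, this added example (not part of the original post and not Shibboleth project code) groups the replay rejections in shibd.log by message ID and reports how far apart the repeats arrived. It assumes the log layout shown in the post and treats the first bracketed number as an opaque per-request context; the second message ID in the sample is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the ERROR line format quoted in the post.
REPLAY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR "
    r"OpenSAML\.SecurityPolicyRule\.MessageFlow \[(\d+)\] .*"
    r"replay detected of message ID \(([^)]+)\)"
)

# Sample input: the first three lines are from the post, the last is constructed.
SAMPLE_LOG = """\
2019-05-04 12:49:53 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [1] [/SP URL/]: replay detected of message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73)
2019-05-04 12:49:53 WARN Shibboleth.SSO.SAML2 [1] [/SP URL/]: error processing incoming assertion: Rejecting replayed message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73).
2019-05-04 12:49:55 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [3] [/SP URL/]: replay detected of message ID (_f3ce22fe-1c01-41c5-9e18-205b77b04b73)
2019-05-04 13:10:02 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [2] [/SP URL/]: replay detected of message ID (_constructed-example-id)
"""

def summarize_replays(log_text):
    """Group 'replay detected' rejections by SAML message ID."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = REPLAY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            hits[m.group(3)].append((ts, int(m.group(2))))
    report = {}
    for msg_id, events in hits.items():
        times = sorted(t for t, _ in events)
        report[msg_id] = {
            "rejections": len(events),
            "first": times[0],
            "last": times[-1],
            # A span of a few seconds means the same response was re-submitted quickly.
            "span_seconds": int((times[-1] - times[0]).total_seconds()),
            # Assumption: the bracketed number identifies the handling context in shibd.
            "contexts": sorted({n for _, n in events}),
        }
    return report

if __name__ == "__main__":
    for msg_id, info in summarize_replays(SAMPLE_LOG).items():
        print(msg_id, info["rejections"], "rejections over",
              info["span_seconds"], "s, contexts", info["contexts"])
```
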


