Error in Shibboleth login from mobile devices

Nate Klingenstein ndk at
Tue Nov 26 14:38:49 EST 2019


The easiest way is with a tool like SAML tracer in Firefox or even just cURL on any Linux distribution.  Our company has been busy and we have to help paying customers first. We should be able to look more closely into this this weekend.

I'm sorry it's taken me so long,

On Nov 26, 2019 5:29 AM, Aseem Keskar <Aseem.Keskar at> wrote:

Hi Nate,

We have tried to find the HTTPS traffic details from the IdP server but unable to find this details.

Server Configuration

IdP Server – Unix OS and Jetty Server. (Unable to find the Https traffic details. Will the Jetty log will help here?)

SP Server – Windows R2 2016 and IIS web server

How can we find the exact HTTPS traffic / HTTP Request headers for working transaction and for failing transaction from the IdP server? Can you please provide some help here?

Thanks and Regards,

Aseem Keskar
Group Manager – IT - WNS Global Services (P) Ltd | <> 

Gate No 4, Plant 10 / 11 Godrej & Boyce Complex, Pirojshanagar, LBS MargVikhroli (West), Mumbai,Maharashtra,

IP: 67219|Direct: | Mobile: +919004427356 | Email :aseem.keskar at <mailto:aseem.keskar at> 







	 Connect with WNS  

From: Nate Klingenstein <ndk at>
Sent: 16 November 2019 12:01
To: Aseem Keskar <Aseem.Keskar at>
Cc: Chetan Chaudhari <Chetan.Chaudhari at>; Rupesh Kale <Rupesh.Kale at>; Nilesh Raut <Nilesh.Raut at>; users at; Jyoti Sawant <Jyoti.Sawant at>; Pravin Ingale <Pravin.Ingale at>
Subject: Re: Error in Shibboleth login from mobile devices

External Email: This email has not originated from WNS. Do not click on attachment or links/URL unless sender is reliable. Malware/ Viruses can be easily transmitted via email and also lead to a Phishing compromise.

Pardon me, that should read from the Shibboleth server, e.g. IdP.  Either end should be able to display the raw traffic.

Sorry. Internet outage here and I'm ironically bad with phones.

On Nov 15, 2019 10:19 PM, Nate Klingenstein <ndk at <mailto:ndk at> > wrote:


Strictly speaking, that means the IdP was attempting to continue some flow(usually login) but was unable to do so.  It's usually the back button, but that's obviously unlikely here.

I would like an example of the HTTPS traffic on a working transaction and an example of a failing transaction.  All you really know from the the server side is that it's trying to continue a webflow that is invalid.

This could be a hard fix, depending on what's happening.

Take care,


On Nov 15, 2019 8:46 PM, Aseem Keskar <Aseem.Keskar at <mailto:Aseem.Keskar at> > wrote:

Hello Team,

We have implemented Shibboleth SSO login in our mobile application. Our mobile application has been built on IONIC3.

We are frequently facing issue on Shibboleth login for mobile devices where sometime it redirects to error (find the attached error screenshots) and sometime it works fine without any error. Shibboleth login for mobile device is not working consistently.

We are facing this issue in iOS device more frequently (this error appears 1 or 2 times out of 4-5 login attempts). For Android device, it is not coming so frequently like iOS (for Android error appears 1 or 2 times out of 14-15 login attempts).

We found the following error in the log file from IdP server.

[net.shibboleth.ext.spring.error.ExtendedMappingExceptionResolver:136] - Resolved [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s2' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.] to ModelAndView: reference to view with name 'error'.

Kindly help us to find root cause of this error and provide some solution for the same?

Thanks and regards,
Aseem Keskar-- 
For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at <mailto:users-unsubscribe at> 



For Consortium Member technical support, see

To unsubscribe from this list send an email to users-unsubscribe at <mailto:users-unsubscribe at> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list