Shibboleth SP & Okta IdP Redirect Looping
cantor.2 at osu.edu
Thu Aug 6 00:05:07 UTC 2020
On 8/5/20, 7:56 PM, "users on behalf of Paul Carroll" <users-bounces at shibboleth.net on behalf of pcarroll at nfmail.net> wrote:
> A 302 response is produced but it redirects back to the IdP. No redirect to Shibboleth.sso/SAML/POST occurs.
> I always receive "A valid session was not found." when I browse to Shibboleth.sso/Session.
I was expecting the SP was broken so I didn't think the handlers worked and thought your problem was the SP. Now I'm thinking the issue is the IdP after all, if your description is accurate. The SP seems to be perfectly fine.
The looping seems to have been a fallout of the IdP mis-directing the response to the site root, which was protected, triggering a request back to the IdP and so on. Now that it's not protected, you get sent to the root, and whatever happens there is whatever happens I guess.
The IdP needs to produce a form sending the browser to /Shibboleth.sso/SAML2/POST when the transfer back occurs.
If that's not what it did, something's pretty wrong with it and that's your problem.
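
The check described in this message, as an added example that is not part of the original post and is not Shibboleth or Okta code: it takes the HTML page the IdP returns at hand-off and reports whether the form, and the `Destination` inside the SAML response, point at the SP's `/Shibboleth.sso/SAML2/POST` endpoint. The host `sp.example.org`, the function names and the sample pages are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Assumption: sp.example.org is a placeholder host; the path is the one named in the post.
EXPECTED_ACS = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class FormParser(HTMLParser):
    """Records the first form's action and every named input value."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action") or ""
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def check_idp_post(html, expected_acs=EXPECTED_ACS):
    """Return a list of problems in the IdP's hand-off page; an empty list means it looks right."""
    p = FormParser()
    p.feed(html)
    if p.action is None:
        return ["no HTML form: the IdP did not use the POST binding"]
    problems = []
    if p.action != expected_acs:
        problems.append(f"form action is {p.action!r}, expected {expected_acs!r}")
    raw = p.fields.get("SAMLResponse")
    if raw is None:
        return problems + ["form has no SAMLResponse field"]
    root = ET.fromstring(base64.b64decode(raw))  # diagnostic parse only, no signature check
    if root.tag != f"{{{SAMLP}}}Response":
        problems.append(f"unexpected root element {root.tag!r}")
    if root.get("Destination") != expected_acs:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {expected_acs!r}")
    return problems

def sample_page(action, destination):
    """Constructed sample of an IdP auto-submit page (not captured from a real IdP)."""
    xml = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_x" Version="2.0" Destination="{destination}"/>'
    b64 = base64.b64encode(xml.encode()).decode()
    return (f'<html><body onload="document.forms[0].submit()"><form method="post" action="{action}">'
            f'<input type="hidden" name="SAMLResponse" value="{b64}"/></form></body></html>')

if __name__ == "__main__":
    print(check_idp_post(sample_page(EXPECTED_ACS, EXPECTED_ACS)))
    print(check_idp_post(sample_page("https://sp.example.org/", "https://sp.example.org/")))
```

Feed it the response body saved from the browser's network trace at the moment the IdP hands control back; a form aimed at the site root shows up as two findings, one for the form action and one for `Destination`.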