Shibboleth SP & Okta IdP Redirect Looping
Paul Carroll
pcarroll at nfmail.net
Thu Aug 6 00:27:35 UTC 2020
No worries. I think the troubleshooting was helpful.
I turned off JavaScript and I was able to view the page source after IdP login. The action in the form is https://myserver.mycompany.com and not https://myserver.mycompany.com/Shibboleth.sso/SAML2/POST. So I think that confirms the issue lies with the IdP. I will log an issue with Okta.
Thanks,
Paul
--- cantor.2 at osu.edu wrote:
From: "Cantor, Scott" <cantor.2 at osu.edu>
To: Shib Users <users at shibboleth.net>
Subject: Re: Shibboleth SP & Okta IdP Redirect Looping
Date: Thu, 6 Aug 2020 00:09:51 +0000
And I'm sorry for all the misdirects and blind alleys, but this isn't generally why loops happen. IdPs pretty much do what they're told; they get a request and the response goes back to the ACS URL in the request or they refuse. Hardwiring them to respond to some arbitrary URL that's wrong is just not how things work.
It's much more common for the SP and Apache to be stepping on each other in weird ways than for an IdP to be this oddly behaved. It never occurred to me to ask, and you wouldn't know the obvious signs.
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
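
The check described in the thread (reading the IdP's auto-submit page and comparing its form action to the SP's ACS URL) can be scripted. The following is an added example, not part of the original messages or of Shibboleth or Okta code; the sample page and its `Destination` value are constructed, and `check_acs` is a hypothetical helper name. It does no signature validation and is meant only for inspecting a response you captured yourself.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

class PostBindingForm(HTMLParser):
    """Collects the form action and SAMLResponse field from an IdP auto-submit page."""
    def __init__(self):
        super().__init__()
        self.action = None
        self.saml_response = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action")
        elif tag == "input" and a.get("name") == "SAMLResponse":
            self.saml_response = a.get("value")

def check_acs(html, expected_acs):
    """Return mismatches between where the IdP posts and the SP's ACS URL."""
    form = PostBindingForm()
    form.feed(html)
    problems = []
    if form.action != expected_acs:
        problems.append(f"form action is {form.action!r}, expected {expected_acs!r}")
    if form.saml_response:
        xml = base64.b64decode(form.saml_response)
        if b"<!DOCTYPE" in xml:  # never expand entities from an untrusted response
            raise ValueError("DOCTYPE in SAML response, refusing to parse")
        dest = ET.fromstring(xml).get("Destination")
        if dest != expected_acs:
            problems.append(f"Destination is {dest!r}, expected {expected_acs!r}")
    return problems

# Constructed sample reproducing the symptom from the thread: the form posts
# to the site root instead of the SP's SAML2/POST endpoint.
ACS = "https://myserver.mycompany.com/Shibboleth.sso/SAML2/POST"
_resp = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'ID="_constructed" Version="2.0" Destination="https://myserver.mycompany.com"/>')
SAMPLE_PAGE = ('<html><body onload="document.forms[0].submit()">'
               '<form method="post" action="https://myserver.mycompany.com">'
               '<input type="hidden" name="SAMLResponse" value="%s"/>'
               '</form></body></html>' % base64.b64encode(_resp.encode()).decode())

if __name__ == "__main__":
    for p in check_acs(SAMPLE_PAGE, ACS):
        print("MISMATCH:", p)
```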