Shibboleth SP & Okta IdP Redirect Looping

Paul Carroll pcarroll at
Thu Aug 6 00:27:35 UTC 2020

No worries.  I think the troubleshooting was helpful.

I turned off JavaScript and I was able to view the page source after IdP login.  The action in the form is and not  So I think that confirms the issue lies with the IdP.  I will log an issue with Okta.


--- cantor.2 at wrote:

From: "Cantor, Scott" <cantor.2 at>
To: Shib Users <users at>
Subject: Re: Shibboleth SP & Okta IdP Redirect Looping
Date: Thu, 6 Aug 2020 00:09:51 +0000

And I'm sorry for all the misdirects and blind alleys, but this isn't generally why loops happen. IdPs pretty much do what they're told, they get a request and the response goes back to the ACS URL in the request or they refuse. Hardwiring them to respond to some arbitrary URL that's wrong is just not how things work.

It's much more common for the SP and Apache to be stepping on each other in weird ways than for an IdP to be this oddly behaved. It never occurred to me to ask, and you wouldn't know the obvious signs.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list