shib session not accepted for vhosts with different IPs

el.ster elmar.sternath at siemens.com
Thu Aug 13 15:27:23 UTC 2020


Dear experts,

I have caught the shibd logs of the working and non-working system. However,
I am still unable to identify the root cause; I can just see that when the
SAML response comes in, the working system first dispatches a
default::getHeaders::Application message, while the non-working system
directly starts with dispatching the default/SAML2/POST message.

working:
2020-08-06 12:06:56 INFO Shibboleth.Listener : listener service starting
2020-08-06 12:07:43 DEBUG Shibboleth.Listener [1]: dispatching message
(default::getHeaders::Application)
2020-08-06 12:07:43 DEBUG Shibboleth.Listener [1] [default]: dispatching
message (default/Login::run::SAML2SI)
2020-08-06 12:07:43 DEBUG XMLTooling.StorageService [1] [default]: inserted
record (970b7fca4f4fa86120c5fb963a2e009448adffcc1e63b76fddf5f4bf42f8ba9d) in
context (RelayState) with expiration (1596709063)
2020-08-06 12:07:43 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: validating input
2020-08-06 12:07:43 DEBUG OpenSAML.MessageEncoder.SAML2 [1] [default]:
tracking request (_5d8927e281c4283eeaffcd51c38c45bc) against RelayState
token
(ss:mem:970b7fca4f4fa86120c5fb963a2e009448adffcc1e63b76fddf5f4bf42f8ba9d)
2020-08-06 12:07:43 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: marshalling, deflating, base64-encoding the message
2020-08-06 12:07:43 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: marshalled message:
2020-08-06 12:07:43 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: message encoded, sending redirect to client
2020-08-06 12:08:14 DEBUG Shibboleth.Listener [2]: dispatching message
(default::getHeaders::Application)

non-working:
2020-08-06 12:17:12 INFO Shibboleth.Listener : listener service starting
2020-08-06 12:18:18 DEBUG Shibboleth.Listener [1]: dispatching message
(default::getHeaders::Application)
2020-08-06 12:18:18 DEBUG Shibboleth.Listener [1] [default]: dispatching
message (default/Login::run::SAML2SI)
2020-08-06 12:18:18 DEBUG XMLTooling.StorageService [1] [default]: inserted
record (339c5b02b65c35d6ef24865f46df7d8ebb0136cfa99120fc1f979b275d8eadb2) in
context (RelayState) with expiration (1596709698)
2020-08-06 12:18:18 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: validating input
2020-08-06 12:18:18 DEBUG OpenSAML.MessageEncoder.SAML2 [1] [default]:
tracking request (_1b1f97f3340f9d23b9a58974b850685a) against RelayState
token
(ss:mem:339c5b02b65c35d6ef24865f46df7d8ebb0136cfa99120fc1f979b275d8eadb2)
2020-08-06 12:18:18 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: marshalling, deflating, base64-encoding the message
2020-08-06 12:18:18 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: marshalled message:
2020-08-06 12:18:18 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]
[default]: message encoded, sending redirect to client
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2] [default]: dispatching
message (default/SAML2/POST)


After the session is created, the working system dispatches a message to the
session cache, while the non-working system runs into the redirect loop.

working:
2020-08-06 12:09:45 INFO Shibboleth.SessionCache [1] [default]: new session
created: ID (_6d876c20f4a9a52ca150c3e9b47e43cd) IdP
(https://example.idp.com) Protocol(urn:oasis:names:tc:SAML:2.0:protocol)
Address (xxx.xxx.xxx.xxx)
2020-08-06 12:09:45 DEBUG XMLTooling.StorageService [1] [default]: deleted
record (95563e336d351ed86b4940b35bec1984de5b21a5fc0811a1a29d193d12f4dcf2) in
context (RelayState)
2020-08-06 12:09:45 DEBUG Shibboleth.SSO.SAML2 [1] [default]: ACS returning
via redirect to: https://example.protectedhost.com/
2020-08-06 12:09:45 DEBUG Shibboleth.Listener [1] [default]: dispatching
message (find::StorageService::SessionCache)
2020-08-06 12:09:45 DEBUG XMLTooling.StorageService [1] [default]: updated
expiration of valid records in context (_6d876c20f4a9a52ca150c3e9b47e43cd)
to (1596712185)


non-working:
2020-08-06 12:18:26 INFO Shibboleth.SessionCache [2] [default]: new session
created: ID (_51c9cf57dbec4183aad05e2f7d99058e) IdP
(https://example.idp.com) Protocol(urn:oasis:names:tc:SAML:2.0:protocol)
Address (xxx.xxx.xxx.xxx)
2020-08-06 12:18:26 DEBUG XMLTooling.StorageService [2] [default]: deleted
record (339c5b02b65c35d6ef24865f46df7d8ebb0136cfa99120fc1f979b275d8eadb2) in
context (RelayState)
2020-08-06 12:18:26 DEBUG Shibboleth.SSO.SAML2 [2] [default]: ACS returning
via redirect to: https://example.protectedhost.com/
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2]: dispatching message
(default::getHeaders::Application)
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2] [default]: dispatching
message (default/Login::run::SAML2SI)
2020-08-06 12:18:26 DEBUG XMLTooling.StorageService [2] [default]: inserted
record (cae6fe52ef65fff313dfedba53e8b59e0773029e44e39722c4055c2e04392c53) in
context (RelayState) with expiration (1596709706)
2020-08-06 12:18:26 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [2]
[default]: validating input
2020-08-06 12:18:26 DEBUG OpenSAML.MessageEncoder.SAML2 [2] [default]:
tracking request (_66718031f25a0965f9fb48ab5df3dc06) against RelayState
token
(ss:mem:cae6fe52ef65fff313dfedba53e8b59e0773029e44e39722c4055c2e04392c53)
2020-08-06 12:18:26 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [2]
[default]: marshalling, deflating, base64-encoding the message
2020-08-06 12:18:26 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [2]
[default]: marshalled message:
2020-08-06 12:18:26 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [2]
[default]: message encoded, sending redirect to client
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2] [default]: dispatching
message (default/SAML2/POST)


Any help or hints very much appreciated,
Elmar

--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
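As an added illustration that is not part of Elmar's post: a small Python script that replays the shibd lines quoted above and flags the non-working pattern, namely a session that is created and then followed by a fresh Login::run::SAML2SI dispatch before any find::StorageService::SessionCache lookup. The log lines are copied from the post; the function names, the event classification and the 60-second window are my own assumptions, not anything from the Shibboleth project.

```python
import re
from datetime import datetime

# shibd log line: "<date> <time> <LEVEL> <category> [<n>] [<app>]: <message>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\S+) \[(\d+)\](?: \[\w+\])?: (.*)$")
SESSION_RE = re.compile(r"new session created: ID \((\S+)\)")
DISPATCH_RE = re.compile(r"dispatching message \((\S+)\)")

# Sample input copied from the two traces quoted in the post (non-working first).
NON_WORKING = """\
2020-08-06 12:18:26 INFO Shibboleth.SessionCache [2] [default]: new session created: ID (_51c9cf57dbec4183aad05e2f7d99058e) IdP (https://example.idp.com) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (xxx.xxx.xxx.xxx)
2020-08-06 12:18:26 DEBUG Shibboleth.SSO.SAML2 [2] [default]: ACS returning via redirect to: https://example.protectedhost.com/
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2]: dispatching message (default::getHeaders::Application)
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2] [default]: dispatching message (default/Login::run::SAML2SI)
2020-08-06 12:18:26 DEBUG Shibboleth.Listener [2] [default]: dispatching message (default/SAML2/POST)
"""
WORKING = """\
2020-08-06 12:09:45 INFO Shibboleth.SessionCache [1] [default]: new session created: ID (_6d876c20f4a9a52ca150c3e9b47e43cd) IdP (https://example.idp.com) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (xxx.xxx.xxx.xxx)
2020-08-06 12:09:45 DEBUG Shibboleth.SSO.SAML2 [1] [default]: ACS returning via redirect to: https://example.protectedhost.com/
2020-08-06 12:09:45 DEBUG Shibboleth.Listener [1] [default]: dispatching message (find::StorageService::SessionCache)
"""

def parse(log_text):
    """Yield (timestamp, worker, message) for each line in the shibd format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), int(m.group(4)), m.group(5)

def find_redirect_loops(log_text, window_s=60):
    """Return IDs of sessions that were created but never looked up in the
    session cache before the SP started a new SSO within window_s seconds.
    Assumes a single-user trace: any cache lookup is taken as accepting the
    freshly created session (hypothetical heuristic, not shibd's own logic)."""
    pending = {}   # session_id -> creation time, awaiting a SessionCache find
    looping = []
    for ts, _worker, msg in parse(log_text):
        s = SESSION_RE.search(msg)
        if s:
            pending[s.group(1)] = ts
            continue
        d = DISPATCH_RE.search(msg)
        if not d:
            continue
        name = d.group(1)
        if name.endswith("::SessionCache"):
            pending.clear()   # SP consulted its cache: the session cookie came back
        elif name.endswith("Login::run::SAML2SI"):
            for sid, created in list(pending.items()):
                if (ts - created).total_seconds() <= window_s:
                    looping.append(sid)   # new login right after creation = loop
                    del pending[sid]
    return looping
```

Run against the two traces, the non-working one reports the session ID created at 12:18:26 as looping, the working one reports nothing.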