RelyParty redirect URL
Joseph Fischetti
Joseph.Fischetti at marist.edu
Thu Jul 2 15:20:08 UTC 2020
Is there any way to force the JSESSIONID to exist in the flowExecutionUrl (i.e. it doesn't always), or is it available as a variable I can access in a velocity template?
Details below:
I have it implemented the way it was discussed (with a flow intercept that isn't an end state, leveraging the flowExecutionUrl with proceed.).
SP-A is where the user wanted to go
SP-B is where the user needs to go first
User attempts to get to SP-A
Redirect to shibboleth
Enter credentials
DataConnector lookup (attribute = 0)
- Send to SP-B with flowExecutionUrl
- User takes desired action
- SP-B writes to database (attribute = 1)
- SP-B sends user to flowExecutionUrl
DataConnector lookup (attribute = 1)
User continues to SP-A
In order to function properly, the flowExecutionUrl needs to include the JSESSIONID in it... which it usually does.
However, if a user has a valid JSESSIONID cookie already, it doesn't appear in the flowExecutionUrl. After the user takes action at SP-B and they're redirected to the flowExecutionUrl, they're getting the back button error.
The only way I can force the error to happen is to:
Attempt to get to any SP
Redirect to shibboleth
The flowExecutionUrl contains the JSESSIONID
Don't log in
New tab/same tab - attempt to get to any SP
The flowExecutionURL no longer includes a JSESSIONID.
A few people in the test group have had it happen 'accidentally'.
More information about the users
mailing list