institutions using Shibboleth to authenticate Peoplesoft

Liam Hoekenga liamr at umich.edu
Tue Jul 28 20:39:36 UTC 2020


>
> RelayState also has to be factored in. If you're using memory for the post
> data, you can't be clustered, so you should be using memory for the relay
> state also, and then no cookies would be involved to recover anything.
>

Oracle didn't like / understand relayState.

    They passed some attribute “RelayState” to it and it was redirected back
    to the PeopleSoft delivered page.
    This is an issue. Since the redirected back URL should have been a POST
    request with an attribute like “cxml-urlencoded” which was passed in
    sequence /x/ properly.
    But the one being generated by customized code is to do a GET request on
    the same page. Hence you will be seeing a blank page.

    This is a problem with how the customer is implementing it. Either ask
    them to remove their customization code of redirecting to
    “shibboleth.umich.edu” OR correct the logic of generating the proper URL
    through it.

If we're capturing the POST data and relayState in shared memory, and the
application / SP has multiple nodes, the LB has to be configured to enforce
session stickiness. The operations group for that team swears that it is...
but would this behavior suggest otherwise?

Should we be looking at the sameSiteSession setting in SP 3.1?
Liam