Shibboleth SP & Okta IdP Redirect Looping
Cantor, Scott
cantor.2 at osu.edu
Thu Jul 30 13:35:35 UTC 2020
Assuming the shibd log records a session being created and then immediately invalidated or destroyed, the syslog/native log stream will likely log why it's rejecting the sessions immediately after establishment; IP address instability perhaps.
As for how to debug it if there's no apparent issue other than cookies going missing...
1. Learn how the SP works and uses cookies at all steps by observing working transactions and reading the documentation that describes all the steps. [1]
2. Trace to identify where the cookie(s) go missing.
-- Scott
[1] https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig
More information about the users
mailing list