Shibboleth SP & Okta IdP Redirect Looping

Cantor, Scott cantor.2 at
Thu Jul 30 13:35:35 UTC 2020

Assuming the shibd log records a session being created and then immediately invalidated or destroyed, the syslog/native log stream will likely log why it's rejecting the sessions immediately after establishment; IP address instability perhaps.

As for how to debug it if there's no apparent issue other than cookies going missing...

1. Learn how the SP works and uses cookies at all steps by observing working transactions and reading the documentation that describes all the steps. [1]
2. Trace to identify where the cookie(s) go missing.

-- Scott


More information about the users mailing list