Shibboleth SP error redux
Spencer Thomas
Spencer.Thomas at ithaka.org
Wed Mar 4 15:06:06 EST 2020
Adding consistentAddress has resolved the issue. The error message was not helpful to me in diagnosing the "root cause". If there was a message in a log saying something like "session rejected because IP changed" that would have pointed immediately to what I needed to address.
Thanks for the pointer, Scott.
--
Spencer Thomas
Technical Architect / JSTOR and Artstor
ITHAKA <https://www.ithaka.org/> / 301 E. Liberty St, Suite 250, Ann Arbor, MI 48104
Email: Spencer.Thomas at ithaka.org
Voicemail: 734-887-7004
On 3/4/20, 12:02 PM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:
> None of the configured SessionInitiators handled the request.
If there's no entityID statically defined or supplied to /Login via parameter, and no discoveryURL in the configuration, then there's nothing the system can do with a request when a session is mandated. That is the way you get that error.
> 1. Is this the probable cause of the error?
It will loop. The resource request will have no valid session and route back to wherever the configured discoveryURL is, and if there is no such URL, it will fail with the error you got.
The only way to bypass the cross check is setting consistentAddress to false.
But you can't deploy in a way that ever allows that error to occur, because it will occur, eventually. You MUST supply an entityID or a discoveryURL, always. If you don't, you can't use requireSession. They go hand in hand.
-- Scott
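
An added example, not part of the thread or of the Shibboleth project's code: a small Python check over a shibboleth2.xml that flags the two conditions discussed above. It assumes requireSession is set in the RequestMap and that the IdP or discovery service is named on `<SSO>`; a requireSession set in the web server configuration, or an entityID supplied elsewhere, is outside what it sees. The sample documents and hostnames are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread: a session is mandated but
# <SSO> names neither an IdP (entityID) nor a discovery service (discoveryURL).
SAMPLE_BAD = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <RequestMapper type="Native">
    <RequestMap>
      <Host name="sp.example.org" authType="shibboleth" requireSession="true"/>
    </RequestMap>
  </RequestMapper>
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="3600" consistentAddress="false">
      <SSO>SAML2</SSO>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

# Constructed corrected variant: discovery service supplied, cross check left on.
SAMPLE_GOOD = SAMPLE_BAD.replace(
    "<SSO>", '<SSO discoveryURL="https://ds.example.org/DS/WAYF">'
).replace(' consistentAddress="false"', "")

def local(tag):
    """Strip the XML namespace so differently namespaced configs are handled alike."""
    return tag.rsplit("}", 1)[-1]

def lint(xml_text):
    """Return a list of findings for one shibboleth2.xml document."""
    elems = list(ET.fromstring(xml_text).iter())
    findings = []
    # Any element (Host, Path, ...) that mandates a session.
    mandated = any(e.get("requireSession") in ("true", "1") for e in elems)
    ssos = [e for e in elems if local(e.tag) == "SSO"]
    # The SP can route a login only if it knows an IdP or a discovery service.
    routable = any(e.get("entityID") or e.get("discoveryURL") for e in ssos)
    if mandated and not routable:
        findings.append("requireSession is set but <SSO> has no entityID or discoveryURL")
    for e in elems:
        if local(e.tag) == "Sessions" and e.get("consistentAddress") in ("false", "0"):
            findings.append("consistentAddress=false: the cross check is bypassed")
    return findings

if __name__ == "__main__":
    for name, doc in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, lint(doc) or "no findings")
```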