SAML Proxy to Azure: odd IdP session timeout behavior

Cantor, Scott cantor.2 at
Wed Jun 23 20:31:55 UTC 2021

On 6/23/21, 4:20 PM, "Jeffrey Williams" <jfwillia at> wrote:

> Luckily, I can reproduce in a dev environment as well. I'll attach the log for it (idp-process and a saml-tracer).

The list won't accept anything that big, just file a bug and attach them.

>    This one is slightly different from the client experience in that it starts with an SP-initiated request, gets
> redirected to Azure, where it prompts me to select a running Azure session, then it heads back to shib where
> the error.  The client notes that they go to their SP and never get transitioned to Azure.

I think either Azure has a bug, or there's some non-understood behavior with it, but I really don't know at this stage. There should NOT be an issue with any cross-talk between requests by one client; the External method was patched a while back to deal with that problem and this just piggybacks.

But somehow there's a duplicate step that isn't supposed to be possible and I don't know how it can be happening; hopefully the HTTP trace will point to something.

-- Scott
