Stale Request after IP change
janusz.ulanowski at heanet.ie
Tue Nov 9 13:19:19 UTC 2021
I hope you can advice on issue I have with Shib IDP v4.0.1
We have configured IsP to delegate authn to Azure via SAML (mostly
default setting as per doc)
Everything works except when browser's IP changes.
When client browser's IP changes:
- idp triggers re-authentication flow
- redirects to upstream IdP
- after receiving assertion upstream IdP : it breaks at this stage
(resulting err "Stale Request")
That happens when I'm trying gain access to SP which already had
session on previous IP (browser IP).
If I try different SP then re-authn flow on IdP site is fine.
In the log: I can see:
2021-11-09 12:54:32,436 - X.X.X.X - ERROR
retrieving flow conversation
No flow execution could be found with key 'e2s1' -- perhaps this
executing flow has ended or expired? This could happen if your users are
relying on browser history (typically via the back button) that
references ended flows.
conversation could be found with id '2' -- perhaps this conversation has
Is it a bug or there some configuration change required?
Thanks in advance,
More information about the users