No such flow exception help

Wessel, Keith kwessel at illinois.edu
Tue Aug 9 16:48:33 UTC 2022 

Hi, all,

Hoping for some wisdom from Scott and others. We're in the process of changing our Shibboleth proxied authn from proxying to ADFS to proxying to AzureAD. We've got the new proxying running in our test environment, but since updating test, I'm seeing somewhat regular no such flow exceptions on the post back to Shibboleth from AzureAD. I'm confident this isn't happening in our proxying to ADFS that's in production right now since I'd be hearing about it, but it's possible AzureAD isn't the cause. For simplicity, I only have one IdP node running in test. So, I know it's not some strange load balancing issue.

Shibboleth is getting the authn request from the originating SP then initiating the flow:

[09/Aug/2022:11:32:53 -0500] "GET /idp/profile/SAML2/Redirect/SSO?execution=e1s1 HTTP/1.1" 302

It's then generating the authn request to send to Azure:

[09/Aug/2022:11:32:53 -0500] "GET /idp/profile/Authn/SAML2/POST/SSO/start?conversation=e1s1 HTTP/1.1" 302

And Azure is posting back:

[09/Aug/2022:11:33:14 -0500] "POST /idp/profile/Authn/SAML2/POST/SSO HTTP/1.1" 200

But at that point, we get a stale request error in the browser and the following in the IdP log:

2022-08-09 11:33:14,952 - ERROR [net.shibboleth.idp.authn.ExternalAuthenticationException:91] -  - [session=5287B8A2F3EEC48F1BB44D98802A2147]
net.shibboleth.idp.authn.ExternalAuthenticationException: Error retrieving flow conversation
	at net.shibboleth.idp.authn.ExternalAuthentication.getProfileRequestContext(ExternalAuthentication.java:227)
Caused by: org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.
	at org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.getConversation(AbstractFlowExecutionRepository.java:172)
Caused by: org.springframework.webflow.conversation.NoSuchConversationException: No conversation could be found with id '1' -- perhaps this conversation has ended?
	at org.springframework.webflow.conversation.impl.ConversationContainer.getConversation(ConversationContainer.java:126)

I'm really not sure what could be causing this behavior or how to further troubleshoot. Any suggestions?

Thanks,
Keith

More information about the users mailing list