No such flow exception help

Cantor, Scott cantor.2 at
Tue Aug 9 18:43:48 UTC 2022

On 8/9/22, 2:31 PM, "users on behalf of Wessel, Keith via users" <users-bounces at on behalf of users at> wrote:

>    Ugh. I suspected it might be something like this. I'm confused why we
> aren't seeing it consistently. For instance, it usually doesn't happen on the
> first authentication request of an IdP session, and sometimes not on the
> second authn request, either. I often have to hit the IdP with two or three
> authn requests before I get a stale request error.

Thank Google for that, they decided to implement the 2 minute grace window. I happen to think that "make it work, kind of, sometimes, but not predictably" is NOT better than "fail consistently, always", but they don't agree. I wrote that less politely the first time.

> If I do this, would I set the idp.sameSite.cookie to Lax or Strict or leave it at
> None? Still trying to get my head around the meaning of the settings for
> that parameter.

A SAML assertion submission uses POST, it has to be None.

-- Scott
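
The behaviour discussed in this thread, as an added example that is not part of either poster's message: a simplified JavaScript model of when a browser attaches a cookie to a top-level cross-site request such as a SAML POST. The cookie name, the `cookieSentCrossSite` and `replayPosts` helpers and the timings are constructed for illustration; the rules are a simplification of Chrome's documented SameSite handling, not browser code.

```javascript
// Simplified model (an assumption, not browser source) of whether a cookie
// is attached to a top-level cross-site request.
const LAX_POST_GRACE_MS = 2 * 60 * 1000; // the 2-minute grace window
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"];

function cookieSentCrossSite(cookie, method, nowMs) {
  const verb = method.toUpperCase();
  // A cookie set without a SameSite attribute is modelled as sameSite: null.
  const sameSite = cookie.sameSite ? cookie.sameSite.toLowerCase() : null;
  const safe = SAFE_METHODS.includes(verb);

  if (sameSite === "none") {
    // SameSite=None is only accepted together with Secure.
    return cookie.secure === true;
  }
  if (sameSite === "strict") return false; // never sent cross-site
  if (sameSite === "lax") return safe;     // explicit Lax: no POST, no grace

  // No attribute: treated as Lax, except that a cross-site POST is still
  // allowed while the cookie is younger than the grace window.
  if (safe) return true;
  const ageMs = nowMs - cookie.createdMs;
  return verb === "POST" && ageMs <= LAX_POST_GRACE_MS;
}

// Replay cross-site POSTs at the given offsets (seconds after the cookie
// was set) and report whether the cookie would accompany each one.
function replayPosts(cookie, offsetsSec) {
  return offsetsSec.map((s) => ({
    offsetSec: s,
    sent: cookieSentCrossSite(cookie, "POST", cookie.createdMs + s * 1000),
  }));
}

// Constructed sample cookies: same session cookie, different attributes.
const unlabelled = { name: "session", sameSite: null, secure: true, createdMs: 0 };
const explicitNone = { ...unlabelled, sameSite: "None" };
const explicitLax = { ...unlabelled, sameSite: "Lax" };

for (const c of [unlabelled, explicitNone, explicitLax]) {
  console.log(c.sameSite ?? "(no attribute)", replayPosts(c, [10, 90, 150]));
}
```

The unlabelled cookie accompanies the POSTs at 10 and 90 seconds but not the one at 150 seconds, which is why failures appear only on some requests; the `None` plus `Secure` cookie is sent every time.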

