No such flow exception help
cantor.2 at osu.edu
Tue Aug 9 18:43:48 UTC 2022
On 8/9/22, 2:31 PM, "users on behalf of Wessel, Keith via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> Ugh. I suspected it might be something like this. I'm confused why we
> aren't seeing it consistently. For instance, it usually doesn't happen on the
> first authentication request of an IdP session, and sometimes not on the
. second authn request, either. I often have to hit the IdP with two or three
> authn requests before I get a stale request error.
Thank Google for that, they decided to implement the 2 minute grace window. I happen to think that "make it work, kind of, sometimes, but not predictably" is NOT better than "fail consistently, always", but they don't agree. I wrote that less politely the first time.
> If I do this, would I set the idp.sameSite.cookiie to Lax or Strict or leave it at
> None? Still trying to get my head around the meaning of the settings for
> that parameter.
A SAML assertion submission uses POST, it has to be None.
More information about the users