JSESSIONID issues, Stale Session. (SameSite issue?)
Etan Weintraub
eweintra at jhmi.edu
Thu Jan 20 17:32:23 UTC 2022
We just started having the issue appear significantly yesterday, and have
been trying to track down what the cause is or how we can fix it, and we
literally just identified it as a jsessionID issue about an hour ago.
Scott- Is there a way for us to fix this on our side, or are we just
completely hosed and need to not use SAML Proxy Auth?
-Etan E. Weintraub
IT Architect
Enterprise Authentication & Cloud Workspace
IT at Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Davis Building Suite 3110B
Baltimore, MD 21209
E-mail: eweintra at jhmi.edu
Pronouns: he, him, his
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, January 20, 2022 11:50 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: JSESSIONID issues, Stale Session. (SameSite issue?)
External Email - Use Caution
The SameSite page contains this text that needs to be more prominent:
"It is also likely that SAML proxying will be affected by this issue,
because the POST back to the IdP from the proxied IdP will omit the
necessary cookies to resume the flow, resulting in the "stale request"
message."
It's not "likely", it's fact. The IdP will not function unless the original
JSESSIONID is delivered back with the SAML POST intact.
-- Scott
--
For Consortium Member technical support, see
https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6666 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220120/b259c86d/attachment.p7s>
More information about the users
mailing list