<div dir="ltr"><div>Hello Scott,<br><br>
> There is nothing to configure other than a few properties. Whatever's
wrong is local and isn't even about local storage because it would
simply use cookies as a fallback.<div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU"><div id="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-:11z" class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajR"><img class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajT" src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"><br></div>I note that localstorage is working, and that persistent cookie is also correctly set, in Firefox. But persistent cookie configuration does not work either
on my computer. I mean the cookie
shib_idp_persistent_ss
is correctly stored at the first login attempt and correctly send at the second attempt. But the browser redirect to : <a href="https://localhost/idp/profile/SAML2/POST/SSO?execution=e1s1" target="_blank">https://localhost/idp/profile/<wbr>SAML2/POST/SSO?execution=e1s1</a> which display the login page, instead of logging me in.<br></div><div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU"><br></div><div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU"></div>On Chrome, when i close the browser and then reopen it, i see the cookie : shib_idp_session, so i remove it, because it is a session cookie (expiring in 1969-12-31). And it seems to me a Chrome bug. And Firefox does not send this cookie when i close and reopen the browser. Without this cookie Chrome behaves the same as Firefox: it redirects to the login page.<br><div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU"><br>So i feel that on my computer the shib_idp_persistent_ss is not decrypted or incorrectly at the server side. <br></div><div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU"><br>In fact as i debugged a bit, i see it is well decrypted in org.opensaml.storage.impl.client.ClientStorageService#load<br></div><div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU"><br></div><div class="gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-yj6qo gmail-m_-2814368918721743559gmail-m_-1430948191016403588gmail-m_9201035975281057050gmail-ajU">Thomas<br></div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-03-06 19:18 GMT+01:00 Cantor, Scott <span dir="ltr"><<a href="mailto:cantor.2@osu.edu" target="_blank">cantor.2@osu.edu</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> The Os is Windows 10.<br>
> At first i thought it has nothing to do with the browser but it does not work<br>
> on Firefox nor on IE 11, but it works on Chrome 64.0.3282.<br>
<br>
</span>It works fine for me in all my testing on all the browsers.<br>
<span class=""><br>
> Also shibboleth is on address : <a href="https://localhost/" rel="noreferrer" target="_blank">https://localhost/</a> while the sp is on address :<br>
> <a href="https://localhost:8443/" rel="noreferrer" target="_blank">https://localhost:8443/</a>.<br>
<br>
</span>I test routinely with the Eclipse testbed using localhost, it's never mattered. I would generally advise anybody who can't make that work to stop using localhost, it simply rules out issues that don't have anything to do with us.<br>
<span class=""><br>
> Now, when i debugged more carefully, I see that i was wrong. The<br>
> shib_idp_persistent_ss is stored in Firefox. And i see the same behaviour<br>
> than Chrome.<br>
<br>
</span>Even if local storage failed it would back off to cookies, though logout wouldn't work in that case. SSO still would.<br>
<br>
I just tested IE 11 on a never-before-used install of Windows and it worked fine with no adjustments.<br>
<span class=""><br>
> The server log are different and i am trying to debug inside :<br>
<br>
</span>That's far past any point where the session is involved.<br>
<span class=""><br>
> I see in the log that the behaviour is different in SelectAuthenticationFlow.<br>
> On Firefox the authenticationContext is not the same than in Chrome. In fact<br>
> this is the profileRequestContext which is different. But it must be filled else<br>
> in the code.<br>
<br>
</span>That doesn't really resemble any possible state of affairs, none of that is browser-dependent.<br>
<span class=""><br>
> Scott, if you could give me some infos on where is decrypted the<br>
> shib_idp_persistent_ss value (or is it a key ?).<br>
<br>
</span>I can't do that in an email.<br>
<span class=""><br>
> I obviously misconfigured something but what ?<br>
<br>
</span>There is nothing to configure other than a few properties. Whatever's wrong is local and isn't even about local storage because it would simply use cookies as a fallback.<br>
<span class="HOEnZb"><font color="#888888"><br>
-- Scott<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
--<br>
For Consortium Member technical support, see <a href="https://wiki.shibboleth.net/confluence/x/coFAAg" rel="noreferrer" target="_blank">https://wiki.shibboleth.net/<wbr>confluence/x/coFAAg</a><br>
To unsubscribe from this list send an email to <a href="mailto:users-unsubscribe@shibboleth.net">users-unsubscribe@shibboleth.<wbr>net</a><br>
</div></div></blockquote></div><br></div>