savitha
2014-08-18 10:34:59 UTC
Hi..
We have configured Shibboleth service provider on win 2008 -IIS7 in our
organization and it will be interacting with an
external IDP belongs other organization (not shibboleth it is openId )that
supports SAML 2.0(Microsoft product) .
When we browse the shib secured application URL( application which is
configured in shib-SP configuration file),
it is redirecting to other organization IDP login page for
authorization.Once authentication details provided, the SSO control is
returning back to locally configured SP but instead redirecting to our shib
secured application page (requested page) the request is looping and
refreshing SAML request with different "relay state " value highlighted as
below.
<HTML>
<HEAD>
<TITLE>Access rights validated</TITLE>
</HEAD>
<BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST"
ACTION="https://wgul1.excelindia.com/Shibboleth.sso/SAML2/POST">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse"
VALUE="PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6
cHJvdG9jb2wiIElEPSJzMmNhNTBiNzhjMTYxN2RjM2I2MjA3OGRiNmQzNjViNDI0MzRhNDAzMGMi
IEluUmVzcG9uc2VUbz0iXzFhMmFmOTRjM2FlMTQwMTc1YzRiMTQxZjkxMTc3ZWYyIiBWZXJzaW9u
PSIyLjAiIElzc3VlSW5zdY29sIj4KPHNhbWxwOlN0YXR1c0NvZGUgIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6
bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiClZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN
TDoyLjA6c3RhdHVzOlN1Y2Nlc3MiPgo8L3NhbWxwOlN0YXR1c0NvZGU+Cjwvc2FtbHA6U3RhdHVz
PjxzYW1sOkFzc2VydGlvbiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6
YXNzZXJ0aW9uIiBJRD0iczI2NzIzZjllYjIzNzdmZDA2OWNjZTJmYTI0MmM4MWU1NmU0MjJjNTNm
IiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDgtMThUMDk6MzM6MDZaIiBWZXJzaW9uPSIyLjAiPgo8c2Ft
bDpJc3N1ZXI+aHR0cHM6Ly9sMW9zc28ud2d1LmVkdTo0N
DMvb3BlbnNzby9leGNlbHNvZnQ8L3Nh
bWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
MDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob
2Qg
QWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRz
OlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1s
NhbWYnV0ZSBOYW1lPSJMYXN0TmFtZSI+PHNhbWw6QXR0cmlidXRl
VmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxucGVWYWx1ZSB4bWxuczp4cz0i
aHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53
My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjAwMDk5
OTk5OTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1
dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
">
The RelayState value Continuously changing and page is getting refreshing in
every second
/*<INPUT TYPE="HIDDEN" NAME="RelayState"
VALUE="cookie:1408354385_495f">*/
<NOSCRIPT><CENTER>
<INPUT TYPE="SUBMIT" VALUE="Submit SAMLResponse data "/></CENTER></NOSCRIPT>
</FORM></BODY></HTML>
also in *HTTP header response* getting below response
*Set-Cookie: _shibstate_1407947781_e14a=; path=/; HttpOnly; expires=Mon, 01
Jan 2001 00:00:00 GMT*
is above the expire date affecting the normal SP process??
if so, can anyone tell how to reset shib SP cookie expiry date?
Is there a way/need to do any SP level configuration ,So that After
authorization IDP redirects to Requested page?
*Note * : in Shib.log getting expected authorization information (mapped
attebutes values) also in Transaction.log getting expected number of mapped
attebutes
Thanks,
Savitha
--
View this message in context: http://shibboleth.1660669.n2.nabble.com/SP-shib-session-id-cookie-is-changing-continuesly-in-the-SAML-request-tp7605626.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
We have configured Shibboleth service provider on win 2008 -IIS7 in our
organization and it will be interacting with an
external IDP belongs other organization (not shibboleth it is openId )that
supports SAML 2.0(Microsoft product) .
When we browse the shib secured application URL( application which is
configured in shib-SP configuration file),
it is redirecting to other organization IDP login page for
authorization.Once authentication details provided, the SSO control is
returning back to locally configured SP but instead redirecting to our shib
secured application page (requested page) the request is looping and
refreshing SAML request with different "relay state " value highlighted as
below.
<HTML>
<HEAD>
<TITLE>Access rights validated</TITLE>
</HEAD>
<BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST"
ACTION="https://wgul1.excelindia.com/Shibboleth.sso/SAML2/POST">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse"
VALUE="PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6
cHJvdG9jb2wiIElEPSJzMmNhNTBiNzhjMTYxN2RjM2I2MjA3OGRiNmQzNjViNDI0MzRhNDAzMGMi
IEluUmVzcG9uc2VUbz0iXzFhMmFmOTRjM2FlMTQwMTc1YzRiMTQxZjkxMTc3ZWYyIiBWZXJzaW9u
PSIyLjAiIElzc3VlSW5zdY29sIj4KPHNhbWxwOlN0YXR1c0NvZGUgIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6
bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiClZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN
TDoyLjA6c3RhdHVzOlN1Y2Nlc3MiPgo8L3NhbWxwOlN0YXR1c0NvZGU+Cjwvc2FtbHA6U3RhdHVz
PjxzYW1sOkFzc2VydGlvbiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6
YXNzZXJ0aW9uIiBJRD0iczI2NzIzZjllYjIzNzdmZDA2OWNjZTJmYTI0MmM4MWU1NmU0MjJjNTNm
IiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDgtMThUMDk6MzM6MDZaIiBWZXJzaW9uPSIyLjAiPgo8c2Ft
bDpJc3N1ZXI+aHR0cHM6Ly9sMW9zc28ud2d1LmVkdTo0N
DMvb3BlbnNzby9leGNlbHNvZnQ8L3Nh
bWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
MDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob
2Qg
QWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRz
OlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1s
NhbWYnV0ZSBOYW1lPSJMYXN0TmFtZSI+PHNhbWw6QXR0cmlidXRl
VmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxucGVWYWx1ZSB4bWxuczp4cz0i
aHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53
My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjAwMDk5
OTk5OTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1
dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
">
The RelayState value Continuously changing and page is getting refreshing in
every second
/*<INPUT TYPE="HIDDEN" NAME="RelayState"
VALUE="cookie:1408354385_495f">*/
<NOSCRIPT><CENTER>
<INPUT TYPE="SUBMIT" VALUE="Submit SAMLResponse data "/></CENTER></NOSCRIPT>
</FORM></BODY></HTML>
also in *HTTP header response* getting below response
*Set-Cookie: _shibstate_1407947781_e14a=; path=/; HttpOnly; expires=Mon, 01
Jan 2001 00:00:00 GMT*
is above the expire date affecting the normal SP process??
if so, can anyone tell how to reset shib SP cookie expiry date?
Is there a way/need to do any SP level configuration ,So that After
authorization IDP redirects to Requested page?
*Note * : in Shib.log getting expected authorization information (mapped
attebutes values) also in Transaction.log getting expected number of mapped
attebutes
Thanks,
Savitha
--
View this message in context: http://shibboleth.1660669.n2.nabble.com/SP-shib-session-id-cookie-is-changing-continuesly-in-the-SAML-request-tp7605626.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org