Discussion:
SP shib-session id cookie is changing continuously in the SAML request
savitha
2014-08-18 10:34:59 UTC
Hi,
We have configured a Shibboleth service provider on Win 2008 / IIS7 in our
organization, and it will be interacting with an external IDP belonging to
another organization (not Shibboleth, it is OpenID) that supports SAML 2.0
(Microsoft product).

When we browse the shib-secured application URL (the application which is
configured in the shib SP configuration file), it redirects to the other
organization's IDP login page for authorization. Once the authentication
details are provided, the SSO control returns to the locally configured SP,
but instead of redirecting to our shib-secured application page (the
requested page), the request is looping and refreshing the SAML request with
a different "relay state" value, highlighted as below.




<HTML>
<HEAD>

<TITLE>Access rights validated</TITLE>

</HEAD>

<BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST"
ACTION="https&#x3a;&#x2f;&#x2f;wgul1.excelindia.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse"
VALUE="...">


The RelayState value is continuously changing and the page is refreshing
every second:

/*<INPUT TYPE="HIDDEN" NAME="RelayState"
VALUE="cookie&#x3a;1408354385_495f">*/


<NOSCRIPT><CENTER>
<INPUT TYPE="SUBMIT" VALUE="Submit SAMLResponse data "/></CENTER></NOSCRIPT>
</FORM></BODY></HTML>


Also, in the *HTTP header response* we are getting the below response:

*Set-Cookie: _shibstate_1407947781_e14a=; path=/; HttpOnly; expires=Mon, 01 Jan 2001 00:00:00 GMT*

Is the above expiry date affecting the normal SP process?
If so, can anyone tell how to reset the shib SP cookie expiry date?

Is there a way/need to do any SP-level configuration so that after
authorization the IDP redirects to the requested page?


*Note*: in Shib.log we are getting the expected authorization information
(mapped attribute values); also, in Transaction.log we are getting the
expected number of mapped attributes.

Thanks,
Savitha



j***@public.gmane.org
2014-08-18 10:55:01 UTC
Hi,

How are you redirecting to the other IDP? I have configured everything but
am unable to redirect to our IDP.

Can you please share some details?

Kind Regards,
Junaid Akbar