[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: Shibboleth SP & Okta IdP Redirect Looping
From:       "Paul Carroll" <pcarroll () nfmail ! net>
Date:       2020-07-30 13:53:15
Message-ID: 20200730065315.E25B253F () m0117459 ! ppops ! net
[Download RAW message or body]

OK, thanks Peter and Scott.  I looked at the page that describes debugging the \
looping but it was early on in the process.  I will take another look since I know \
more about it now.

Peter, I resubmitted my issue using text.  I thought I may have to resubmit.  Please \
disregard the resubmitted issue.

Thanks,
Paul

--- cantor.2@osu.edu wrote:

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Shib Users <users@shibboleth.net>
Subject: Re: Shibboleth SP & Okta IdP Redirect Looping
Date: Thu, 30 Jul 2020 13:35:35 +0000

Assuming the shibd log records a session being created and then immediately \
invalidated or destroyed, the syslog/native log stream will likely log why it's \
rejecting the sessions immediately after establishment; IP address instability \
perhaps.

As for how to debug it if there's no apparent issue other than cookies going \
missing...

1. Learn how the SP works and uses cookies at all steps by observing working \
transactions and reading the documentation that describes all the steps. [1] 2. Trace \
to identify where the cookie(s) go missing.

-- Scott

[1] https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig


-- 
For Consortium Member technical support, see \
https://wiki.shibboleth.net/confluence/x/coFAAg To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net


-- 
For Consortium Member technical support, see \
https://wiki.shibboleth.net/confluence/x/coFAAg To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]