  1. OpenAM
  2. OPENAM-17104

SAML2 IDP Proxy requires stickiness and not HA

    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 6.5.2, 6.5.2.3, 7.0.0, 6.5.3, 7.0.1
    • None
    • SAML
    • None

      Description

      Bug description

      This is probably not a new issue; it is similar to all the existing IDP proxy issues mentioning that stickiness is required. However, this bug explicitly states that, since the very beginning (zero-day), it seems that this does not work, and this bug is not targeting the sticky cookie but rather the implementation.

      How to reproduce the issue

      1. Create an IDP, an IDP proxy and an SP
      2. Test that all of these work for SAML SP SSO with, say, a "RelayState=/"
      3. Now redo all of this with a new session
      4. When the request ends up on the IDP, restart the IDP proxy
      5. Continue the flow, and the whole thing breaks

      This is an IDP proxy specific issue

      Expected behaviour
      IDP proxy works.
      
      Current behaviour
      When the IDP return happens, it fails to detect the IDP proxy and gets redirected to metaalias/s2....... (invalid redirect)
      

      Work around

      Never restart the proxy and ensure stickiness

      Code analysis

      I

      IDPProxyUtil.java
      ... Reimplementation required ....
      

              People

              Unassigned Unassigned
              chee-weng.chea C-Weng C