  1. OpenAM
  2. OPENAM-4040

SSO failure between SPs in separate CoTs with same hosted IDP


    Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 11.0.0, 12.0.0, 13.0.0, 13.5.0, 14.0.0
    • 13.5.3, 6.0.0.1, 6.5.0, 6.0.1, 5.5.2
    • SAML
    • AM Sustaining Sprint 51
    • 3
    • No
    • No
    • No
    • Yes and I used the same an in the description

      Description

      To reproduce: Create 3 entities in the same realm: Hosted IDP, Remote SP1 and Remote SP2
      Create 2 CoTs:
      CoT1: IDP, SP1
      CoT2: IDP, SP2

      Test each CoT separately to check it works (clear browser in between).

      Test SSO between SP1 and SP2:
      Federate to SP2
      Federate to SP1

      In the Federation log you will see an "Issuer in Request is not valid" warning.

      Workaround at this point is either:

      • put all the entities in the same CoT
        or
      • duplicate the IDP profile, create 2 separate entities IDP1 and IDP2 and two separate CoTs: CoT1: IDP1, SP1 and CoT2: IDP2, SP2
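
The topology in this report can be checked for ahead of time. The following is an added example, not OpenAM code and not part of the original issue: it takes a constructed circle-of-trust membership map and lists SP pairs that share an IDP only through separate CoTs, then confirms that the first workaround clears the finding. The dictionary layout and function names are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample mirroring the report: one hosted IDP in two CoTs.
COTS = {"CoT1": {"IDP", "SP1"}, "CoT2": {"IDP", "SP2"}}
ROLES = {"IDP": "idp", "SP1": "sp", "SP2": "sp"}  # entity -> role (assumed input)


def affected_sp_pairs(cots, roles):
    """Return sorted (idp, sp_a, sp_b) triples where both SPs are federated
    with the same IDP but no single CoT contains the IDP and both SPs."""
    findings = set()
    for idp in (e for e, r in roles.items() if r == "idp"):
        # For each SP, collect the names of the CoTs it shares with this IDP.
        sp_cots = {}
        for name, members in cots.items():
            if idp not in members:
                continue
            for entity in members:
                if roles.get(entity) == "sp":
                    sp_cots.setdefault(entity, set()).add(name)
        # Two SPs with no common CoT (containing the IDP) match the report.
        for a, b in combinations(sorted(sp_cots), 2):
            if not sp_cots[a] & sp_cots[b]:
                findings.add((idp, a, b))
    return sorted(findings)


def merge_cots_for_idp(cots, idp, merged_name="CoT-merged"):
    """Model the first workaround: put every entity that shares a CoT with
    the IDP into one CoT. CoTs without the IDP are left unchanged."""
    result, merged = {}, set()
    for name, members in cots.items():
        if idp in members:
            merged |= members
        else:
            result[name] = set(members)
    if merged:
        result[merged_name] = merged
    return result


if __name__ == "__main__":
    for idp, a, b in affected_sp_pairs(COTS, ROLES):
        print(f"{idp}: {a} and {b} are in separate CoTs")
    print("after merge:", affected_sp_pairs(merge_cots_for_idp(COTS, "IDP"), ROLES))
```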

              People

              sfraser Sam Fraser
              nathalie.hoet Nathalie Hoet