[OPENAM-15562] SAML2 crosstalk fails when Accept-Language header is missing from the original request
Created: 17/Oct/19 Updated: 07/Feb/20 Resolved: 18/Oct/19
|Affects Version/s:||5.5.1, 6.0.0, 6.5.0, 7.0.0|
|Fix Version/s:||6.0.1, 18.104.22.168, 5.5.2, 7.0.0, 6.5.3|
|Reporter:||Peter Major [X] (Inactive)||Assignee:||Peter Major [X] (Inactive)|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Epic Link:||Elastically scalable - SAML|
When SAML performs a crosstalk for an SSO or an SLO request, it attempts to replay the Accept-Language header; however, the code does not seem to handle the case when the header is missing from the request. This results in a failed crosstalk request, and can potentially result in the infamous "IDP session is NULL" error message.
Authentication should succeed, because AM performs a crosstalk request to the first request.
SAML SSO fails with the "IDP session is NULL" error message.
Enable SAML2 failover.
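The failure mode described above, as an added example that is not OpenAM's code: replaying headers from an original request onto a server-to-server request with Java's `java.net.http` client, where a missing `Accept-Language` breaks the naive version. The class name, the list of replayed headers, the peer URL and the sample request are assumptions made for illustration.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class CrosstalkHeaderReplay {
    // Headers copied onto the crosstalk request; this list is an assumption for the example.
    static final List<String> REPLAYED = List.of("Accept-Language", "Cookie");

    // Naive replay: assumes every listed header was present on the original request.
    static HttpRequest naive(URI peer, Map<String, String> original) {
        HttpRequest.Builder b = HttpRequest.newBuilder(peer);
        for (String name : REPLAYED) {
            // get() returns null for an absent header and header() rejects null values
            b.header(name, original.get(name));
        }
        return b.build();
    }

    // Defensive replay: case-insensitive lookup, absent or blank headers are skipped.
    static HttpRequest defensive(URI peer, Map<String, String> original) {
        Map<String, String> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        byName.putAll(original);
        HttpRequest.Builder b = HttpRequest.newBuilder(peer);
        for (String name : REPLAYED) {
            String value = byName.get(name);
            if (value != null && !value.isBlank()) {
                b.header(name, value);
            }
        }
        return b.build();
    }

    public static void main(String[] args) {
        URI peer = URI.create("https://idp2.example.com/crosstalk"); // constructed URL
        // Constructed original request from a non-browser client: no Accept-Language header.
        Map<String, String> original = Map.of("cookie", "session=constructed-token");
        try {
            naive(peer, original);
        } catch (NullPointerException e) {
            System.out.println("naive replay failed: Accept-Language was missing");
        }
        HttpRequest ok = defensive(peer, original);
        System.out.println("defensive replay headers: " + ok.headers().map());
    }
}
```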
|Comment by Ľubomír Mlích [ 07/Feb/20 ]|
Reproduced in ForgeRock Access Management 22.214.171.124 Build 512c5a2f00 (2019-October-30 10:12); there was an HTTP 500.
I have two IDP instances at
Now I start testing by going to: