Identity Provider / IDP-1108

Intermittent Assertion signature with IdP-initiated SSO

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.3.0
    • Component/s: SAML2
    • Labels:
    • Environment:

      Oracle Linux 7

    • Operating System:
      Multiple
    • Java Version:
      Oracle Java 8
    • Servlet Container:
      Apache Tomcat 8

      Description

      User noticed intermittent SSO failures to Kronos. This application is IdP-initiated SSO only.

      Discovered that in failing sessions the saml2p:Response lacked a signature.

      Note that we did have to switch from signing the full response to signing the assertion.

      Sample idp-process DEBUG log attached.

        Attachments

        1. idp-process-200161109.log.gz
          88 kB
          Tom Poage
        2. metadata.txt
          0.5 kB
          Tom Poage
        3. relying-party.txt
          0.6 kB
          Tom Poage

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            poage@ucdavis.edu Tom Poage
                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 30m