Setting session timeout="0" creates infinite loop between SP and IDP
Description
When the SP is configured with <Sessions lifetime="28800" timeout="0" checkAddress="false" relayState="ss:mem" handlerSSL="true">, the browser continuously redirects between IDP and SP.
Environment
We could reproduce this on a test SP running 2.4.3 on Red Hat 5.6. The SP is configured to use only one IDP. We are using the RPM from the SUSE repository.
Activity
Scott Cantor October 11, 2011 at 5:58 PM
Use lifetime of session as cache eviction setting if timeout and allowance are both 0.
Found it, this is triggered by leaving cacheAllowance at 0 also. I think that is acting as the default now when there's no SessionCache element provided, so this needs to be cleaned up one way or the other.
Scott Cantor October 11, 2011 at 4:53 PM
I'm not seeing any such behavior. Are there log messages indicating what the SP is doing when it loops? There should be something indicating why the session's not accepted.
Fixed
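A configuration check for the combination identified in this issue, added here as an example (not code from the Shibboleth project): it flags a <Sessions> element with timeout="0" when cacheAllowance is 0 or no <SessionCache> element is present. The function names, the sample XML and the entityID are constructed, and treating a missing SessionCache as cacheAllowance 0 is an assumption taken from the comment above.

```python
import xml.etree.ElementTree as ET

# Constructed sample config carrying the <Sessions> attributes from the report.
AFFECTED = """\
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="0" checkAddress="false"
              relayState="ss:mem" handlerSSL="true"/>
  </ApplicationDefaults>
</SPConfig>
"""


def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def _as_int(value, default):
    """Parse an integer attribute; fall back to default if absent or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def find_loop_prone_sessions(xml_text):
    """Return one finding per <Sessions> with timeout=0 while cacheAllowance is 0."""
    root = ET.fromstring(xml_text)
    # Assumption taken from the comment above: with no <SessionCache> element,
    # cacheAllowance behaves as 0.
    allowance = 0
    for el in root.iter():
        if _local(el.tag) == "SessionCache":
            allowance = _as_int(el.get("cacheAllowance"), 0)
    findings = []
    for el in root.iter():
        if _local(el.tag) != "Sessions":
            continue
        # Only an explicit timeout="0" matches the report; an absent attribute does not.
        if _as_int(el.get("timeout"), None) == 0 and allowance == 0:
            findings.append({"lifetime": el.get("lifetime"), "cacheAllowance": allowance})
    return findings


if __name__ == "__main__":
    for f in find_loop_prone_sessions(AFFECTED):
        print("timeout=0 with cacheAllowance=0; lifetime =", f["lifetime"])
```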