Setting session timeout="0" creates infinite loop between SP and IDP

Basics

Technical

Logistics

Basics

Technical

Logistics

Description

When SP is configured with <Sessions lifetime="28800" timeout="0" checkAddress="false" >relayState="ss:mem" handlerSSL="true">
Browser continuously redirects between IDP and SP.

Environment

We could reproduce this on a test SP running 2.4.3 in redhat 5.6
The SP is configure to use only one IDP. We are using RPM from suse repository.

Activity

Scott Cantor October 11, 2011 at 5:58 PM

Use lifetime of session as cache eviction setting if timeout and allowance are both 0.

http://svn.shibboleth.net/view/cpp-sp?view=revision&revision=3528

Scott Cantor October 11, 2011 at 5:17 PM

Found it, this is triggered by leaving cacheAllowance at 0 also. I think that is acting as the default now when there's no SessionCache element provided, so this needs to be cleaned up one way or the other.

Scott Cantor October 11, 2011 at 4:53 PM

I'm not seeing any such behavior. Are there log messages indicating what the SP is doing when it loops? There should be something indicating why the session's not accepted.

Resize issue view side panel

Fixed

Details

Assignee

Scott Cantor

Reporter

Russell Yount

Original estimate

Created September 13, 2011 at 3:00 PM

Updated August 7, 2012 at 1:07 AM

Resolved October 11, 2011 at 5:58 PM