I am troubleshooting the problem related to infinite redirects with Kentor Authservices on SP side and Shibboleth clone on IDP side. My question is what could be the possible causes of this and how can I intercept and log Kentor's decision to redirect back to IDP?
1 Answer
This is usually the case when you have authorization sections in the web.config and have set up ~/AuthServices/SignIn as the sign in url with <authentication mode="forms">.
If that is the case, try temporarily setting up another sign in url that doesn't trigger a redirect to the Idp directly. It can be a simple page that just contains a link to ~/AuthServices/SignIn.
Then use Fiddler or your browser's debug tools to see the redirect sequence. That's the right way to start troubleshooting even if my guess above about the web.config settings is incorrect.

Anders Abel
-
Thank you for your answer. This trick helped to break the loop, but the issue essentially remains the same - after successful login into Shibboleth IDP I am getting redirected back to the temporary sign in page. From the logs it seems to me it happens somewhere inside AuthServices library. I compared SAML tokens with the ones that I receive from Kentor stubidp - the biggest difference is that Signature element in Kentor's SAML is root element, while in Shibboleth IDP SAML it's under Assertions element. Also NameID in Shibboleth is transient id. – dmitreyg Jul 12 '16 at 03:37
-
The problem was resolved by adding slash after returnUrl. Sorry :) – dmitreyg Jul 13 '16 at 00:53
-
@dmitreyg could you share details? I am running into this same issue. – silverArc Sep 15 '16 at 15:32
-
There are not many details - like I said, adding a trailing slash to the returnUrl configuration option fixed that issue:
– dmitreyg Sep 19 '16 at 23:40
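
The answer's advice to read the redirect sequence from Fiddler or the browser's debug tools can be done mechanically once the hops are copied out. The following is an added example, not code from the thread or from AuthServices: it finds the repeating part of a trace and the hop that hands the browser to the IdP. The host names, the `/Secure` page, the `/idp/sso` path and the status codes are constructed sample data, and the trace is assumed to carry absolute `Location` URLs.

```python
from urllib.parse import urlsplit

SP, IDP = "https://sp.example", "https://idp.example"  # constructed hosts
# Constructed trace, one (status, request URL, Location) tuple per hop, as
# read from Fiddler or browser dev tools. /Secure and /idp/sso are made up.
LOOPING_TRACE = [
    (302, SP + "/Secure", SP + "/AuthServices/SignIn?ReturnUrl=%2FSecure"),
    (302, SP + "/AuthServices/SignIn?ReturnUrl=%2FSecure", IDP + "/idp/sso?SAMLRequest=req1"),
    (200, IDP + "/idp/sso?SAMLRequest=req1", None),   # auto-posting form
    (302, SP + "/AuthServices/Acs", SP + "/Secure"),
    (302, SP + "/Secure", SP + "/AuthServices/SignIn?ReturnUrl=%2FSecure"),
]
# Same flow when sign-in sticks: the protected page answers 200 the second time.
HEALTHY_TRACE = LOOPING_TRACE[:4] + [(200, SP + "/Secure", None)]


def hop_key(url):
    """Host and path only; SAMLRequest/RelayState differ on every pass."""
    parts = urlsplit(url)
    return (parts.netloc.lower(), parts.path)


def find_loop(trace):
    """Return the redirect edges from the first repeated one onward, or None.

    An edge is (requested URL -> Location). Requesting a page twice is normal
    (before and after sign-in); the same redirect issued twice is the loop.
    """
    seen, edges = {}, []
    for status, url, location in trace:
        if not (300 <= status < 400 and location):
            continue  # only redirects with a target form edges
        edge = (hop_key(url), hop_key(location))
        if edge in seen:
            return edges[seen[edge]:]
        seen[edge] = len(edges)
        edges.append(edge)
    return None


def cross_host_hops(cycle):
    """Edges that leave one host for another, e.g. the SP sending you to the IdP."""
    return [(src, dst) for src, dst in cycle if src[0] != dst[0]]


if __name__ == "__main__":
    for src, dst in find_loop(LOOPING_TRACE) or []:
        print("%s%s -> %s%s" % (src + dst))
```

The edge just before the cross-host hop is the request whose handling is worth logging on the SP side, since that is where the decision to go back to the IdP is made.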