I set up my own set of pages to set and get data from a PHP session and it seems fine. I am truly stumped - having tried multiple things to resolve this. I did an HTTP trace when trying to login as administrator on the simplesaml installation page. This is what that looks like (various details have been obscured). One bizarre detail I'm noticing is that the Cookie that gets set has an expiration date in the past. However, my development environment does the same thing and it works fine. Below the HTTP Trace, I'm including the request and response from the simplesamlphp log. Notice that there is a Successful response after the No State error.
===========HTTP TRACE================
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: WT_FPC=id=10.9.97.249-237925568.30469917:lv=1446491376542:ss=1446491376542; __utma=235480898.2101344954.1429301107.1446477916.1446491377.4; PHPSESSID=humb6nirgh4bh63oes1pvgavh3; _ga=GA1.2.2101344954.1429301107; PHPSESSID=57d5a2169bd43fd2de288c4f7bcabc21
HTTP/1.1 302 Found
Date: Tue, 20 Sep 2016 16:53:15 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/0.9.8e-fips-rhel5 PHP/5.6.18
X-Powered-By: PHP/5.6.18
Set-Cookie: PHPSESSID=humb6nirgh4bh63oes1pvgavh3; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=3d94c08e36e387c6f284944655890634; path=/; HttpOnly
Content-Length: 1503
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: WT_FPC=id=10.9.97.249-237925568.30469917:lv=1446491376542:ss=1446491376542; __utma=235480898.2101344954.1429301107.1446477916.1446491377.4; PHPSESSID=humb6nirgh4bh63oes1pvgavh3; _ga=GA1.2.2101344954.1429301107; PHPSESSID=3d94c08e36e387c6f284944655890634
HTTP/1.1 302 Found
Date: Tue, 20 Sep 2016 16:53:15 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/0.9.8e-fips-rhel5 PHP/5.6.18
X-Powered-By: PHP/5.6.18
Set-Cookie: PHPSESSID=humb6nirgh4bh63oes1pvgavh3; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=2d915f41e51159917753dfdd78c9e300; path=/; HttpOnly
Content-Length: 1139
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: WT_FPC=id=10.9.97.249-237925568.30469917:lv=1446491376542:ss=1446491376542; __utma=235480898.2101344954.1429301107.1446477916.1446491377.4; PHPSESSID=humb6nirgh4bh63oes1pvgavh3; _ga=GA1.2.2101344954.1429301107; PHPSESSID=2d915f41e51159917753dfdd78c9e300
HTTP/1.1 302 Found
Date: Tue, 20 Sep 2016 16:53:15 GMT
Server: Apache/2.4.23 (Unix) OpenSSL/0.9.8e-fips-rhel5 PHP/5.6.18
X-Powered-By: PHP/5.6.18
Set-Cookie: PHPSESSID=humb6nirgh4bh63oes1pvgavh3; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=37d4b405aedaddce25ce020ab9cae5a2; path=/; HttpOnly
Content-Length: 1503
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ETC.... (THIS LOOPS UNTIL CHROME QUITS)
===========HTTP TRACE================
===========SIMPLESAMLPHP LOG==============
Sep 20 13:06:49 simplesamlphp DEBUG [5d983c8e27] Session: 'admin' not valid because we are not authenticated.
Sep 20 13:06:49 simplesamlphp DEBUG [5d983c8e27] Session: 'login-admin' not valid because we are not authenticated.
Sep 20 13:06:49 simplesamlphp DEBUG [5d983c8e27] Template: Reading [/infra/app/balloons/local/var/httpd/balloons/simplesamlphp/modules/core/dictionaries/frontpage]
Sep 20 13:06:49 simplesamlphp DEBUG [5d983c8e27] Template: Reading [/infra/app/balloons/local/var/httpd/balloons/simplesamlphp/modules/core/dictionaries/frontpage]
Sep 20 13:06:51 simplesamlphp DEBUG [7029363b69] Session: 'admin' not valid because we are not authenticated.
Sep 20 13:06:51 simplesamlphp DEBUG [7029363b69] Session: 'login-admin' not valid because we are not authenticated.
Sep 20 13:06:51 simplesamlphp DEBUG [7029363b69] Template: Reading [/infra/app/balloons/local/var/httpd/balloons/simplesamlphp/modules/core/dictionaries/frontpage]
Sep 20 13:06:51 simplesamlphp DEBUG [7029363b69] Template: Reading [/infra/app/balloons/local/var/httpd/balloons/simplesamlphp/modules/core/dictionaries/frontpage]
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] Session: 'default-sp' not valid because we are not authenticated.
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] Saved state: '_05f9acd04c5641b32c4790e77aab9b30d50bdcfb58'
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] Sending SAML 2 AuthnRequest to 'ABCSSO2.0'
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] Sending message:
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" I
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <saml:Issuer>ABCToBalloonView</saml:Issuer>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:SignedInfo>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:Reference URI="#_05f9acd04c5641b32c4790e77aab9b30d50bdcfb58">
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:Transforms>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </ds:Transforms>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:DigestValue>KDknTddelEonYymkEKdYY7FqaEU=</ds:DigestValue>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </ds:Reference>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </ds:SignedInfo>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:SignatureValue>Gian9ysl0yu4fGem8Ii...TRUNCATED...a18krN0fJ/FMjVmOBA==</ds:SignatureValue>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:KeyInfo>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:X509Data>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <ds:X509Certificate>MIIG/jCCBeagAwIBAgI...TRUNCATED...Qd2OoZSN5UG5</ds:X509Certificate>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </ds:X509Data>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </ds:KeyInfo>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </ds:Signature>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
Sep 20 13:06:54 simplesamlphp DEBUG [6947a2f2e9] </samlp:AuthnRequest>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] Loading state: '_05f9acd04c5641b32c4790e77aab9b30d50bdcfb58'
Sep 20 13:06:55 simplesamlphp ERROR [32a626f7be] SimpleSAML_Error_NoState: NOSTATE
Sep 20 13:06:55 simplesamlphp ERROR [32a626f7be] Backtrace:
Sep 20 13:06:55 simplesamlphp ERROR [32a626f7be] 2 /infra/app/balloons/local/var/httpd/balloons/simplesamlphp/lib/SimpleSAML/Auth/State.php:263 (SimpleSAML_Auth_State:
:loadState)
Sep 20 13:06:55 simplesamlphp ERROR [32a626f7be] 1 /infra/app/balloons/local/var/httpd/balloons/simplesamlphp/modules/saml/www/sp/saml2-acs.php:78 (require)
Sep 20 13:06:55 simplesamlphp ERROR [32a626f7be] 0 /infra/app/balloons/local/var/httpd/balloons/simplesamlphp/www/module.php:127 (N/A)
Sep 20 13:06:55 simplesamlphp ERROR [32a626f7be] Error report with id a4e8067f generated.
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] Template: Reading [/infra/app/balloons/local/var/httpd/balloons/simplesamlphp/dictionaries/errors]
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] Template: Reading [/infra/app/balloons/local/var/httpd/balloons/simplesamlphp/modules/core/dictionaries/no_state]
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] Received message:
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="c.2ntWUhg8qlEj-ec8HItvz4nJG" IssueInst
s.php/default-sp">
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">ABCSSO2.0</saml:Issuer>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:SignedInfo>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:Reference URI="#c.2ntWUhg8qlEj-ec8HItvz4nJG">
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:Transforms>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </ds:Transforms>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:DigestValue>qSYPHZgGNvZJY7l/Y4wlb9axToglnXcJUR5uToptV94=</ds:DigestValue>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </ds:Reference>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </ds:SignedInfo>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:SignatureValue>elHBq6oPYHquRPF...TRUNCATED...ZFhRQTubUqBztFjA==</ds:SignatureValue>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:KeyInfo>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:X509Data>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <ds:X509Certificate>MIIFCzCCA/OgAwIBAgIQbbw9BkJYhhCRoLWu51A9nzANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQG
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] EwJVUzEdMBsGA1UEChMU...TRUNCATED...yWFrP5EqVdtG5QUUiMPKBg1fJOHZ4=</ds:X509Certificate>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </ds:X509Data>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </ds:KeyInfo>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </ds:Signature>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <samlp:Status>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </samlp:Status>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="R0wo79VnsDI57XpVv1lOC_yp4Fe" IssueInstant="2016-09-20T17:06:55.289Z" Version="2.0">
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:Issuer>ABCSSO2.0</saml:Issuer>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:Subject>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
j...@obscured.domain.com</saml:NameID>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:SubjectConfirmation>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:Subject>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:Conditions NotBefore="2016-09-20T17:01:55.289Z" NotOnOrAfter="2016-09-20T17:11:55.289Z">
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:AudienceRestriction>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:Audience>ABCToBalloonView</saml:Audience>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:AudienceRestriction>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:Conditions>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:AuthnStatement SessionIndex="R0wo79VnsDI57XpVv1lOC_yp4Fe" AuthnInstant="2016-09-20T17:06:55.289Z">
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:AuthnContext>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:AuthnContext>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:AuthnStatement>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </saml:Assertion>
Sep 20 13:06:55 simplesamlphp DEBUG [32a626f7be] </samlp:Response>
===========SIMPLESAMLPHP LOG==============