This may be a config item, but I’ve discovered that some SPs are setting the _shibstate_* cookie to the homeURL after the new DS returns the user to the session initiator URL. The affected SPs initially set the _shibstate cookie to the correct URL before the redirect to the DS, but after the DS, only the home URL is set in the cookie.
Any idea what could be causing this? It’s not all SPs, but for those affected, removing the node running 1.2.0 from the cluster fixes the problem (other node is running 1.1.3). I know that one of the affected SPs has 3 different URLs and each URL has a corresponding DiscoveryResponse element in the metadata. Might that have something to do with it?
I’m still investigating what these SPs have in common, but I thought I might ask to see if maybe I’m just missing something that should’ve been in my config all along.
Thanks!
It really depends on how relayState is being handled. If by cookie, then
it's possible that there's a vhost issue involved, but I think it's more
likely another regression in 1.2 that broke something about the target
parameter behavior.
-- Scott
--
To unsubscribe from this list send an email to users-un...@shibboleth.net
I'm pretty sure it's the latter.
I'm chasing this as we speak and tracking it in SDSJ-109..