LPS-108070 (PUBLIC - Liferay Portal Community Edition)

Handle new SameSite=Lax default in cookies in SAML

Details

    Description

      https://help.liferay.com/hc/articles/360039330892

      Fixed in

      Liferay Connector to SAML 2.0 for

      • DXP 7.0: 3.1.2+
      • DXP 7.1: 4.1.1+
      • DXP 7.2: 5.0.1+
      • DXP 7.3: 6.0.0+

      Affected Products

      Liferay Connector to SAML 2.0, versions

      • 5.0.0 for DXP 7.2
      • 4.1.0 and below for DXP 7.1
      • 3.1.1 and below for DXP 7.0
      • 2.1.3 and below for Liferay Portal 6.2 EE
      • 1.0.4 and below for Liferay Portal 6.1 EE GA2 and GA3

      Reproduction steps

      Issue 1 - SAML SP initiated SSO requests behave like "Force Authn"

      1. Configure 2 Liferay SAML SP instances connected to 1 Liferay SAML IdP. For the SP connections to the IdP, ensure "Force authn" is not selected.
      2. Complete a SP initiated SSO as usual with SP1
      3. Initiate an SP initiated SSO as usual with SP2

       Expected result: You are not prompted to log into the IdP because there exists an authenticated portal session on the IdP
       Actual result: You are prompted to log in

      Issue 2 - 2nd+ SAML SP initiated SSO request fails

      1. Configure 1 Liferay SAML SP instance connected to 1 Liferay SAML IdP
      2. Complete a SP initiated SSO as usual
      3. Delete all cookies associated with the SP (so you are guest again)
      4. Attempt another SP initiated SSO
      5. You will be prompted to log into the IdP for the same reason as issue 1. Log in with valid credentials.

       Expected result: You are authenticated and returned to the SP
       Actual result: The IdP displays error "Unable to process SAML request". Also there is an error in the log: {{{ ERROR [http-nio-8080-exec-3][BaseSamlStrutsAction:59] Duplicate SAML IDP SSO session for XXXX }}}

      Issue 3 - SAML Single Logout fails

      1. Configure 1 Liferay SAML SP instance connected to 1 Liferay SAML IdP
      2. Complete a SP initiated SSO as usual
      3. Initiate a SLO from the SP

       Expected result: You are redirected to the IdP which renders a page where the logout progress of each SP is shown
       Actual result: You are presented with a maximized login portlet on the IdP stating "You are signed in"
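       Added example (not Liferay's or the SAML connector's code): a small model of the browser rule the ticket title refers to, showing that a cookie set without a SameSite attribute is treated as Lax and is therefore dropped from the cross-site POST that carries a SAML message from the SP's site to the IdP, while the same cookie marked `SameSite=None; Secure` (or a GET-based Redirect binding) still reaches the IdP. It assumes the SP-to-IdP AuthnRequest is sent with the HTTP-POST binding; the cookie headers are constructed samples.

```python
from dataclasses import dataclass

# Constructed sample: a session cookie issued without an explicit SameSite attribute.
LEGACY_SESSION_COOKIE = "JSESSIONID=0123ABCD; Path=/; HttpOnly"
# The attributes a cookie needs in order to survive a cross-site POST.
CROSS_SITE_SESSION_COOKIE = "JSESSIONID=0123ABCD; Path=/; HttpOnly; Secure; SameSite=None"


@dataclass
class Cookie:
    name: str
    same_site: str   # effective value after browser defaults: "None", "Lax" or "Strict"
    secure: bool


def parse_set_cookie(header: str) -> Cookie:
    """Parse a Set-Cookie header and apply the new browser default (no SameSite -> Lax)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    same_site, secure = "Lax", False
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "samesite":
            same_site = value.strip().capitalize()
        elif key.strip().lower() == "secure":
            secure = True
    # Browsers reject SameSite=None unless the cookie is also Secure; it then behaves like Lax.
    if same_site == "None" and not secure:
        same_site = "Lax"
    return Cookie(name, same_site, secure)


def is_sent(cookie: Cookie, method: str, cross_site: bool, top_level_nav: bool) -> bool:
    """Model of whether the browser attaches the cookie to a request."""
    if not cross_site or cookie.same_site == "None":
        return True
    if cookie.same_site == "Strict":
        return False
    # Lax: sent cross-site only on top-level navigations that use a safe method.
    return top_level_nav and method.upper() in ("GET", "HEAD")


def idp_sees_session(set_cookie_header: str, binding: str) -> bool:
    """Does the IdP's session cookie arrive with the SP's AuthnRequest?

    binding is "POST" (the browser auto-submits a form from the SP's site to the IdP, the
    assumption made here) or "Redirect" (302 to the IdP SSO URL). Both are cross-site,
    top-level navigations; only the method differs.
    """
    method = "POST" if binding.upper() == "POST" else "GET"
    return is_sent(parse_set_cookie(set_cookie_header), method, cross_site=True, top_level_nav=True)
```

When the IdP session cookie is missing from the POST, the IdP cannot tie the request to the existing login, which matches the forced re-authentication and duplicate-session symptoms described in the steps above.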

      People

      • della.wang (Della Wang, Inactive)
      • stian.sigvartsen (Stian Sigvartsen)
      • Tibor Lipusz
      • Kiyoshi Lee


      Packages

      Version Package:

      • 6.2.X EE
      • 7.0.X
      • 7.1.X
      • 7.2.X
      • 7.3.1 CE GA2
      • 7.3.2 CE GA3
      • 7.3.10 DXP GA1