PUBLIC - Liferay Portal Community Edition / LPS-122060

IDP initiated SSO doesn't work without a JSESSIONID cookie sent

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 7.0.X, 7.1.X, 7.2.X, 7.3.X, Master
    • Fix Version/s: Master
    • Labels:
      None

      Description

      LPS-108070 introduced SAML SSO support for LAX cookies. However, it also prevents the propagation of the entityId HTTP parameter, which is sent on the first request to start IDP initiated SSO.

      1. Configure your portal instance as a SAML IDP, assumed to be at http://localhost:8080
      2. Remove all cookies for the same portal instance
      3. Request http://localhost:8080/c/portal/saml/sso?entityId=AnyValue

       Expected result: UI shows "Unable to process SAML request" and system log states "Unknown peer entity ID AnyValue"

       Actual result: System log states "org.opensaml.messaging.decoder.MessageDecodingException: No SAML message present in request"

            People

            Assignee:
            della.wang Della Wang (Inactive)
            Reporter:
            stian.sigvartsen Stian Sigvartsen
            Engineering Assignee:
            Stian Sigvartsen