Invalid pdata causes SAML login to fail after logout
Concerned version
Version: 2.0
Summary
- Browse to an SP
- Portal shows login form and creates an issuerRequestSAML pdata
- Fill login form
- Be redirected to the SP successfully
- Logout
- Browse to SP again
- Portal shows the login form but does not recreate an issuerRequestSAML, and uses the same token from the first time instead
- "An error occured during SAML authentication"
Logs
First time:
LLNG[9822]: Store issuer request
LLNG[9822]: Token 1554223232_-28414 created
LLNG[9817]: Trying to load token 1554223232_-28414
LLNG[9817]: Restoring request from 1554223232_-28414
Second time:
LLNG[9816]: Trying to load token 1554223232_-28414
LLNG[9816]: Bad (or expired) token 1554223232_-28414
Possible fixes
- Quick and dirty fix: restart your web browser after logout
- Real fix: clear the pdata after SAML login, or at least make sure a samlIssuerRequest is generated each time
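
To spot this condition in portal logs, the following added example (not LemonLDAP::NG code) scans for a token that is presented again after its request was already restored. The message formats are taken from the log excerpt above; the function names are hypothetical, and treating "Restoring request" as the point where the token is consumed is an assumption drawn from this report.

```python
import re
from collections import defaultdict

# Log lines copied from the report above (first and second login attempts).
SAMPLE_LOG = """\
LLNG[9822]: Store issuer request
LLNG[9822]: Token 1554223232_-28414 created
LLNG[9817]: Trying to load token 1554223232_-28414
LLNG[9817]: Restoring request from 1554223232_-28414
LLNG[9816]: Trying to load token 1554223232_-28414
LLNG[9816]: Bad (or expired) token 1554223232_-28414
"""

LINE_RE = re.compile(r"LLNG\[(?P<pid>\d+)\]: (?P<msg>.*)")
EVENTS = [
    ("created", re.compile(r"Token (\S+) created")),
    ("load", re.compile(r"Trying to load token (\S+)")),
    ("restored", re.compile(r"Restoring request from (\S+)")),
    ("rejected", re.compile(r"Bad \(or expired\) token (\S+)")),
]

def parse(log):
    """Yield (pid, event, token) for each recognised LLNG token message."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for name, rx in EVENTS:
            hit = rx.search(m["msg"])
            if hit:
                yield int(m["pid"]), name, hit.group(1)
                break

def find_stale_token_reuse(log):
    """Return tokens that were presented again after being consumed."""
    consumed = set()  # assumption: a restored request consumes its token
    findings = defaultdict(lambda: {"reloads": 0, "rejected": 0, "pids": []})
    for pid, event, token in parse(log):
        if event == "restored":
            consumed.add(token)
        elif token in consumed and event in ("load", "rejected"):
            f = findings[token]
            f["reloads" if event == "load" else "rejected"] += 1
            if pid not in f["pids"]:
                f["pids"].append(pid)
    return dict(findings)
```

A non-empty result means the browser is still sending pdata that points at an already-used token, which is the state the real fix is meant to prevent.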