[IdP] session.DestinationUrl being cleared (connecting to adfs)

Forge Component
Published on 4 Jul by Telmo Martins

Hi, 

Apologies, I know there have been a couple of posts concerning a similar issue, but I've checked them out and haven't been able to solve the problem. Basically, the session.DestinationUrl is set correctly on the way out to adfs in the doLogin preparation:

But has been lost (as have all session variables, I tried adding a random one and that got cleared as well) when arriving back at the preparation of the idp page:

Our idp server configuration is:


According to the SAML logs, the authentication request and response are both fine. We're not switching Tenants by the way, which was a possible reason given in another discussion.

Anybody have any ideas that might point us in the right direction?

Thanks

Steve Finch

Hi Steve,

First, check and confirm that IdP and your IDPTest are on the same user provider and tenant.

If yes, then check whether the browser URL hostname (including the schema) is exactly the same when you are trying to log in and when you receive the SAML response. Please check the cookies (through the browser dev console) to confirm whether, for some reason, you land on a new session with a new session cookie Id being set by the server.

Regards.

PS - there was a bug about this, but only with the HTTP-Post bind for the Authn Request, and it was fixed in the last version.

Telmo Martins wrote:

Hi Steve,

First, check and confirm that IdP and your IDPTest are on the same user provider and tenant.

If yes, then check whether the browser URL hostname (including the schema) is exactly the same when you are trying to log in and when you receive the SAML response. Please check the cookies (through the browser dev console) to confirm whether, for some reason, you land on a new session with a new session cookie Id being set by the server.

Regards.

PS - there was a bug about this, but only with the HTTP-Post bind for the Authn Request, and it was fixed in the last version.


Hi Telmo,

Thanks for the response. User provider and Tenant were the same, but the domain names were getting changed. We've been accessing our dev apps using the IP address, and I'd configured the IDP to use the IP addresses throughout, but for some reason, it was coming back to the app using the full dev domain: https://worcestershire-dev.outsystemsenterprise.com/IdpTest

Checked the cookies as you suggested and I could see two being created, one for the IP and one for the domain.

If I run the app starting from https://worcestershire-dev.outsystemsenterprise.com/IdpTest it works fine. 

I'll get everyone to use this address instead of the IP in future, and our QA and Production environments already have domains, so should be okay.

Thanks for your help,

Steve

Hi Steve,

Great news. However, in the future, if you find any scenario where for some reason the hostname URLs are not the same at login time, you can configure the Login default URL (Internal settings tab). With this configuration value, if not empty, after a successful login the browser will be redirected to that URL regardless of the value that is in the DestinationUrl session variable.

Regards
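
The check discussed in this thread, as an added example that is not part of the original posts or of the IdP component: it compares the scheme and hostname the user started the login on with the `Destination` of the SAML Response taken from the SAML logs. The URLs, the `/acs` path and the sample Response are constructed placeholders, and the session cookie is assumed to be host-only.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: a Response as it might appear in the SAML logs.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://dev.example.com/IdpTest/acs"/>'
)

def cookie_origin(url):
    """Return (scheme, host): the pair the thread says must be identical
    at login time and when the SAML response comes back."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    return parts.scheme.lower(), host

def response_destination(saml_response_xml):
    """Extract the Destination attribute of a samlp:Response.
    Diagnostic use on your own logs only: no signature validation is done,
    and untrusted XML should go through a hardened parser instead."""
    root = ET.fromstring(saml_response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError("not a samlp:Response")
    destination = root.get("Destination")
    if not destination:
        raise ValueError("Response has no Destination attribute")
    return destination

def session_survives(login_url, saml_response_xml):
    """Return (ok, reason). ok is False when the browser would come back on
    a different scheme or host, where the original session cookie is not sent."""
    start = cookie_origin(login_url)
    back = cookie_origin(response_destination(saml_response_xml))
    for name, at_login, on_return in zip(("scheme", "host"), start, back):
        if at_login != on_return:
            return False, f"{name} differs: {at_login!r} at login, {on_return!r} on return"
    return True, "same scheme and host"

if __name__ == "__main__":
    # Constructed URLs: login started on the IP, response returns to the domain.
    for url in ("https://192.0.2.10/IdpTest/", "https://dev.example.com/IdpTest/"):
        print(url, "->", session_survives(url, SAMPLE_RESPONSE))
```
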