SAML SSO Login issue

[harish lal <ha...@gmail.com>]

Facing SSO Login issue after upgrade from Tomcat 6.0.33 to Tomcat 7.0.62

We upgraded our application from Tomcat 6.0.33 to Tomcat 7.0.62 due to web
socket dependency in Tomcat.
After upgrade , while try to do SAML SSO login from application we are
facing below issue ,

"This page isn’t working **** redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS"

Once we clear the whole cookie from the browser , it navigate to login page
and again it is failing while do Saml Sso login
If we remove only the "JSESSIONID" from the cookie , the application able
to login with the Saml sso credentials .

This issue is not happening in the older version of Tomcat 6.0.33 , even in
the Tomcat 7.0.12 version .
Issue is reproducing from the Tomcat 7.0.14 version onwards.

We tried in many ways to resolve the issue . Kindly help me on this to
resolve the issue.

Thanks in advance

Re: SAML SSO Login issue

[Olaf Kock <to...@olafkock.de>]

On 11.05.22 17:36, harish lal wrote:
> Facing SSO Login issue after upgrade from Tomcat 6.0.33 to Tomcat 7.0.62
>
> We upgraded our application from Tomcat 6.0.33 to Tomcat 7.0.62 due to web
> socket dependency in Tomcat.
> After upgrade , while try to do SAML SSO login from application we are
> facing below issue ,

Do you know that you "upgraded" to a version released in 2015 (see
https://archive.apache.org/dist/tomcat/tomcat-7/), which has seen its
end of life last year (see https://tomcat.apache.org/tomcat-70-eol.html)?

As a quick minimum - if you now have a hard dependency on Tomcat 7, you
should use the end-of-line 7.0.109 - maybe your issue is fixed in that
release already. In general (and if it isn't fixed) I'd recommend to go
to the latest in the 8.5 or 9.0 line and try to reproduce. I doubt
someone will start debugging 7 years old code that explicitly went out
of service more than a year ago. If you're lucky, someone will remember
something.

In case you still can reproduce: I'm quite uncertain what your phrase
"/If we remove only the "JSESSIONID" from the cookie/" means. Also, you
might want to look at all of the redirected requests and identify if
they're identical to each other, or where they're different.

Best,

Olaf

Re: SAML SSO Login issue

[Christopher Schultz <ch...@christopherschultz.net>]

Harish,

On 5/11/22 11:36, harish lal wrote:
> Facing SSO Login issue after upgrade from Tomcat 6.0.33 to Tomcat 7.0.62
> 
> We upgraded our application from Tomcat 6.0.33 to Tomcat 7.0.62 due to web
> socket dependency in Tomcat.
> After upgrade , while try to do SAML SSO login from application we are
> facing below issue ,
> 
> "This page isn’t working **** redirected you too many times.
> Try clearing your cookies.
> ERR_TOO_MANY_REDIRECTS"
> 
> Once we clear the whole cookie from the browser , it navigate to login page
> and again it is failing while do Saml Sso login
> If we remove only the "JSESSIONID" from the cookie , the application able
> to login with the Saml sso credentials .
> 
> This issue is not happening in the older version of Tomcat 6.0.33 , even in
> the Tomcat 7.0.12 version .
> Issue is reproducing from the Tomcat 7.0.14 version onwards.
> 
> We tried in many ways to resolve the issue . Kindly help me on this to
> resolve the issue.

Tomcat does not support SAML-based SSO without some other component 
handling the SAML stuff. I recommend that you present your SAML library 
vendor with this trouble report.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org