We have a Dev environment with a single node IdP and three configured SPs.
There are two ways I can log into all the SPs at the same time (no password required after the first login, of course):

1) Log in to 1 SP first, then open two new browser tabs and log in to the other SPs
2) Open 3 browser tabs, and attempt to hit protected resources on all three SPs
   - All three tabs will be redirected to the IdP login page
   - Enter credentials on one of the login screens
   - Then refresh the other two tabs (already have AuthnRequests to their respective SPs)

It seems that when using method 2 above, all of the SPs pass their own SAMLRequest to the IdP and they all work fine on logout.
But using method 1, each additional SP (after the first login) gets a jsessionid appended to the URL after being logged in. If the user tries to hit the SP/GLO=true on any SPs other than the one that was logged in first, then GLO does not work.