Shibboleth Developers

["Scott Cantor" <>]

> Maybe I didn't properly name the records in the shibd.log. I referred to
> the following entries:

Those aren't timeouts. If they were sessions, they'd be exceeding their
lifetime plus whatever slop in the cache is indicated, but they're probably
just replay checking IDs being tossed out.

> I should rather call it session expiry, right?

No, it's neither.

> Using "HTTP live headers" on Firefox showed that the SP did not set the
> cookie.

Meaning what, no Set-Cookie, or no Cookie sent back afterward? I don't know
of any bug here, not for a while, so I'll test it (again) when I have a
chance. I don't test with IIS all that often, maybe the cookie setter broke.

> Comparing shibd.log with a working Shib2 SP on Linux, the Windows
> SP's shibd.log does not contain "shibd.Listener [2]: dispatching message
> (find::Remoted::SessionCache)".

That's because the cookie isn't coming back in (whatever the reason), so
there's nothing to check.

> In shibboleth2.xml, there's a line for the "Remoted" SessionCache. Do I
> have to change something there?

No.

I assume this isn't just an http server with a cookieProps of "secure"?

-- Scott

<<attachment: winmail.dat>>