Shibboleth Developers

[<>]

I noticed that when the IDP redirects a user from a SSO profile URL to the Authn Handler URL it generates the a full URL for this redirection.  For example my AuthnRequest was posted to:

 

http://mycname.mycdomain/idp/profile/SAML2/POST/SSO

 

and I was redirected to

 

http://myaname /idp/Authn/RemoteUser

 

I assume this affects all the Authn profiles, but it might just be remote user, since that is what I am testing against.  I had the hostname on my machine (Windows) not configured to match the hostname I use in the federation.  After a successful authentication, the software loses the authentication context, because it goes back to the http://mycname.mycdomain/  URL. 

 

Anyway, it’s a strange bug that confused me until I realized my machine was configured to use my real hostname (which may or may not be considered incorrect), but within the federation, I am strictly using CNAME based hostnames for the sake of shorter and more meaningful domain names.  In this case, it broke the functionality and I had to change the name of my computer locally.

 

It seems like it might be possible to generate the Authn/RemoteUser redirect URL as a relative path.  If so, this might make things easier for some.