Shibboleth Developers

[André Cruz <>]

Hello all.

I have a cluster of 4 nodes running IDP 1.3.3 with HAShib and I use  
the Browse/Artifact profile. I had already noticed that I get some  
"Rejected replayed artifact" on the SPs from time to time but only now  
I got the time to investigate.

It seems that it is possible for 2 users to get the same ArtifactID  
when doing SSO. At least that's what I think I'm seeing. I read that  
this ID is made of a sourceLocation (so it's always the same for each  
IDP) and a random part. I tried to look up this code but got as far as  
opensaml and just thought it would be faster if I just asked here.

Does the IDP check to see if there is already an artifact with that ID  
in the store? Can we add a prefix to this id so at least it's unique  
per cluster node?

Also, I read something about type 1 and type 2 artifacts but can't  
find anything about it in the documentation... Can someone point me to  
information regarding them? What type should I be using?

Thanks,
André