Federation IdP initiated transaction entering in a redirection loop


Article ID: 6225


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

When you call the Federation IdP-initiated URL, you are redirected to a blank page after a while, when you would expect to be redirected to the Authentication URL. The logs show that the transaction enters a loop, and each pass adds more repeated fields to the query string of the URL:

https://_host.example.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SPID=https://mysite.com&SAMLTRANSACTIONID=10adaa10-aba5ea9d-a945b9a7-ccc25e84-8ca771f9-171&SAMLTRANSACTIONID=4fcddc0b-d42fee99-ece8d1af-f1e82878-347a58b2-d&SAMLTRANSACTIONID=105e233e-fa2165be-3849db9a-a91f7dc5-ba2a11c4-30&SAMLTRANSACTIONID=1e255f14-29dd3b2d-3da634f4-8f191b08-380e8c75-5&SAMLTRANSACTIONID=38cb4c64-2ab5f5aa-d4334ebc-233018ad-01101a2b-63&SAMLTRANSACTIONID=d45a8cfa-1bbe4abd-add9c82e-3d8474f7-88343d2d-1&SAMLTRANSACTIONID=3e3a1a6d-432c2647-f8fa9ab0-8d4f940c-54670f89-b8&SAMLTRANSACTIONID=24848ed3-26a5380c-365918c7-41f2f2d6-b7267678-f70&SAMLTRANSACTIONID=13b33514-63ad6a57-470ca506-5763a5de-3053ce1a-c29&SAMLTRANSACTIONID=134099af-d3e9e70e-bd7104a6-42e4fd73-88a89221-59
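A log check for the symptom above, as an added example (not part of the original article or the product): it counts how often SMASSERTIONREF and SAMLTRANSACTIONID repeat in a saml2sso request. The function names, the access-log layout and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

SSO_PATH = "/affwebservices/public/saml2sso"
# Parameters the article shows being appended again on each pass of the loop.
LOOP_PARAMS = ("SMASSERTIONREF", "SAMLTRANSACTIONID")


def loop_depth(url):
    """Return (depth, distinct_txn_ids) for a saml2sso URL or request target.

    depth is the highest repeat count among LOOP_PARAMS: 1 means each
    parameter appears at most once, 2 or more means they were appended
    again. Anything that is not a saml2sso request returns (0, 0).
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # token that cannot be parsed as a URL
        return 0, 0
    if not parts.path.lower().endswith(SSO_PATH):
        return 0, 0
    pairs = [(k.upper(), v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    counts = Counter(k for k, _ in pairs)
    txn_ids = {v for k, v in pairs if k == "SAMLTRANSACTIONID"}
    return max(counts[p] for p in LOOP_PARAMS), len(txn_ids)


def find_loops(log_lines, threshold=2):
    """Return [(line_no, depth, distinct_txn_ids)] for requests at or over threshold."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        for token in line.split():
            depth, txns = loop_depth(token.strip('"'))
            if depth >= threshold:
                hits.append((line_no, depth, txns))
    return hits


# Constructed sample lines in an assumed access-log layout (not from the article).
SAMPLE_LOG = [
    '10.0.0.5 "GET /affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=https://mysite.com&SAMLTRANSACTIONID=t-1 HTTP/1.1" 302',
    '10.0.0.5 "GET /affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SPID=https://mysite.com&SAMLTRANSACTIONID=t-1&SAMLTRANSACTIONID=t-2&SAMLTRANSACTIONID=t-3 HTTP/1.1" 302',
    '10.0.0.5 "GET /index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for line_no, depth, txns in find_loops(SAMPLE_LOG):
        print(f"line {line_no}: saml2sso parameters repeated {depth}x, {txns} transaction IDs")
```

A hit with a depth of 2 or more points at the unprotected redirect page described under Resolution.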

 

Environment

Policy Server: R12.X up to the current release as of November 2023

Resolution

This issue occurs when the redirect page is unprotected: it tries to redirect the request again and enters the loop described above. To solve this issue, protect the redirect page with a policy, as described in the following document:

Protect the Authentication URL to establish a Session