Federation IdP initiated transaction entering in a redirection loop

Document ID : KB000006225
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When we are calling the Federation IdP initiated URL, we are being redirected to a blank page after a while, when we expect to be redirected to the Authentication URL. Reviewing the logs we are seeing that the transaction is entering into a loop and each time adding more repeated fields in the query URL:

https://www.mysite.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SPID=https://mysite.com&SAMLTRANSACTIONID=10adaa10-aba5ea9d-a945b9a7-ccc25e84-8ca771f9-171&SAMLTRANSACTIONID=4fcddc0b-d42fee99-ece8d1af-f1e82878-347a58b2-d&SAMLTRANSACTIONID=105e233e-fa2165be-3849db9a-a91f7dc5-ba2a11c4-30&SAMLTRANSACTIONID=1e255f14-29dd3b2d-3da634f4-8f191b08-380e8c75-5&SAMLTRANSACTIONID=38cb4c64-2ab5f5aa-d4334ebc-233018ad-01101a2b-63&SAMLTRANSACTIONID=d45a8cfa-1bbe4abd-add9c82e-3d8474f7-88343d2d-1&SAMLTRANSACTIONID=3e3a1a6d-432c2647-f8fa9ab0-8d4f940c-54670f89-b8&SAMLTRANSACTIONID=24848ed3-26a5380c-365918c7-41f2f2d6-b7267678-f70&SAMLTRANSACTIONID=13b33514-63ad6a57-470ca506-5763a5de-3053ce1a-c29&SAMLTRANSACTIONID=134099af-d3e9e70e-bd7104a6-42e4fd73-88a89221-59

Why is this happening and how we can solve this issue?

Environment:
Policy Server : R12.6.1Access Gateway : R12.6.1
Resolution:

This issue is caused when the redirect page is unprotected, as it tries to redirect the request again and entering the loop as described. To solve this issue you need to protect the redirect page with a policy as mentioned in the following document:

CA Single Sign-On R12.6.01 Configuring Partnership Federation : Protect the authentication URL to establish a session

Additional Information:

Other situations where a loop can happen on Federation IdP initiated are:

TEC1910717

TEC1828202

TEC1580684