Hi Dilshani,

In the Travelocity app, once the user gets authenticated, the Travelocity
server side creates a session (this implementation can be found by following the
SSO-AgentFilter [1]).

Web applications use cookies to communicate details about the sessions
created on the server side to the front-end (or to the browser).
Then when a request comes from the browser to the server side, the browser
includes in the request header the cookies that have been saved against
that particular domain. As a request comes to the server side (the Tomcat
container in the Travelocity example), the server side retrieves the session
using these cookie details.

Cookie acceptance policy differs from browser to browser unless
otherwise specified in the cookie spec [2].
So in some cases, some browsers might not accept some cookies. The localhost
domain and IPs can be some examples.

When the cookie is not accepted by the browser, it will not send the cookie
back with requests. Because of this, the server side fails to retrieve the
session.
This can be the reason for the problem you face.

Please feel free to ask anything that is not clear.


[1] https://github.com/wso2-extensions/identity-agent-sso/blob/master/components/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentFilter.java
[2] https://tools.ietf.org/html/rfc6265

Best,
Thilina.


On Tue, Nov 14, 2017 at 10:29 AM, Dilshani Subasinghe <dilsh...@wso2.com>
wrote:

> Hi,
>
> @Hasintha/Godwin - As Thanuj explained here, it is the session created by
> Travelocity which keeps the SAML2 assertion. I misunderstood the scenario as it
> being set by the SAML 2 flow by WSO2 IS. I will look into the Travelocity
> logic which sets the cookie here.
>
> Thanks Thanuja for the explanation.
>
> Regards,
> Dilshani
>
> On Tue, Nov 14, 2017 at 10:22 AM, Godwin Shrimal <god...@wso2.com> wrote:
>
>> Hi Dilshani,
>>
>> What do you mean by "while sending the SAML request it may not set the
>> session." and "it may attach session correctly in the request."?
>>
>> I am not clear what you are referring to by attaching the session in the
>> request here.
>>
>>
>> Thanks
>> Godwin
>>
>> On Mon, Nov 13, 2017 at 7:04 PM, Dilshani Subasinghe <dilsh...@wso2.com>
>> wrote:
>>
>>> Hi IS Team,
>>>
>>> I configured SAML 2 SSO in WSO2 IS 5.3.0 for the scenario of "SAML2 Bearer
>>> Assertion Profile for OAuth 2.0 with WSO2 Travelocity". It worked well and
>>> I moved the setup to a cloud instance.
>>>
>>> When it is working in the cloud setup, it was identified that while sending the
>>> SAML request it may not set the session. I used an IP instead of a hostname.
>>> When we give a hostname in the assertion URL, it may attach session correctly in
>>> the request.
>>>
>>> Is that the expected behavior? Why can't we attach the session correctly
>>> with an IP? I tried to use an IP as we may have to add a hostname as we are
>>> accessing it remotely. Is there any solution for that?
>>>
>>> [1] https://docs.wso2.com/display/IS530/SAML2+Bearer+Assertion+Profile+for+OAuth+2.0+with+WSO2+Travelocity
>>>
>>> Thanks,
>>> Dilshani
>>>
>>> --
>>>
>>> Dilshani Subasinghe
>>> Software Engineer - QA | WSO2
>>>
>>
>>
>>
>> --
>> Godwin Amila Shrimal
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>>



-- 
Thilina Madumal
Software Engineer | WSO2
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
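
An added illustration, not part of the original thread or of the Travelocity sample: a minimal model of the RFC 6265 [2] storage and domain-matching rules, showing when a session cookie is dropped or not sent back if the app is reached by IP instead of hostname. The host names, the address and the function names are constructed for the example; the public-suffix check and browser-specific policy are left out.

```python
import ipaddress

def is_ip(host):
    """True when host is an IPv4/IPv6 literal rather than a host name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 6265 section 5.1.3: identical, or a dot-bounded suffix of a host name."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    # Suffix matching never applies to IP literals.
    return host.endswith("." + domain) and not is_ip(host)

def store_decision(request_host, domain_attr=None):
    """RFC 6265 section 5.3 step 6. Returns (accepted, cookie_domain, host_only)."""
    host = request_host.lower()
    if domain_attr:
        domain = domain_attr.lower()
        if domain.startswith("."):
            domain = domain[1:]
        if not domain_match(host, domain):
            return (False, None, None)   # cookie is ignored entirely
        return (True, domain, False)
    return (True, host, True)            # no Domain attribute: host-only cookie

def sent_on_request(request_host, cookie_domain, host_only):
    """RFC 6265 section 5.4: is the stored cookie attached to this request?"""
    host = request_host.lower()
    if host_only:
        return host == cookie_domain
    return domain_match(host, cookie_domain)

def session_survives(set_host, domain_attr, next_host):
    """Cookie set in a response from set_host; does it reach next_host?"""
    accepted, domain, host_only = store_decision(set_host, domain_attr)
    return accepted and sent_on_request(next_host, domain, host_only)

if __name__ == "__main__":
    # Constructed cases: (host that set the cookie, Domain attribute, next request host)
    for case in [("is.example.com", "example.com", "is.example.com"),
                 ("203.0.113.10", "example.com", "203.0.113.10"),
                 ("203.0.113.10", None, "203.0.113.10"),
                 ("203.0.113.10", None, "is.example.com")]:
        print(case, "->", session_survives(*case))
```

To check a real deployment against this model, compare the `Domain` attribute of the `Set-Cookie` response header with the host in the browser's address bar and with the host used in the assertion URL.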
