Wrong login status after successful login to the IdP #79

Open
jecaro opened this issue Nov 15, 2021 · 2 comments

Comments


jecaro commented Nov 15, 2021

I've managed to log in to the app with Azure AD and samltest.id. Both of these IdPs redirect me to /sp after a successful login. But /sp still shows me [not logged in]. Hitting F5 doesn't help.

Weirdly enough, when I reach the URL bar of my browser with the mouse and hit Return, the page correctly shows me the login status like:

[logged in as {https://xxx/xxx/}xxx@xxx]

I see the same behavior with Chrome and Firefox.

Collaborator

fisx commented Nov 16, 2021

Can you give more details on how to reproduce this? Maybe even a failing test case?

Author

jecaro commented Nov 17, 2021

Sure. These are the config files I use:

server.yaml

logLevel:   Debug

spHost:    localhost
spPort:    8888
spAppUri:  https://xxx.ngrok.io/sp
spSsoUri:  https://xxx.ngrok.io/sso

contacts:
  - type: ContactSupport
    company: evil corp.
    givenName: Dr.
    surname: Girlfriend
    email: email:president@evil.corp
    phone: '+314159265'

idps.yaml

- id:         80a0ba2d-237a-4ddf-986b-88b97b12ae80
  # = Url to fetch metadata
  metadataURI:   https://portal.azure.com/f397f50e-5007-4245-813b-efea22827706
  metadata:
      # = metadata.xml entityID
      issuer:     https://sts.windows.net/bf7eae53-6c24-487a-b6c5-2d317d607652/
      # = metadata.xml binding Single Sign On Service
      requestURI: https://login.microsoftonline.com/bf7eae53-6c24-487a-b6c5-2d317d607652/saml2
      #
      certMetadata: <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo>
      certAuthnResponse:
          - <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo>
  extraInfo:  []

Then I go to this page:

https://xxx.ngrok.io/sso/authreq/80a0ba2d-237a-4ddf-986b-88b97b12ae80

I'm correctly asked to login to microsoftonline.com. Then I'm redirected to:

https://xxx.ngrok.io/sp

I see the message [not logged in] and the button to log in. F5, same message. Then I go to the URL bar, hit Return, and then I see the logged in message and the logout button.

I have set up my IdP on Azure following this tutorial: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial

As I said, I see the exact same behavior with samltest.id.

Hope this helps.
