State information lost : SImpleSAMLphp

Question

I have configured SSO using SimpleSAMLphp and ADFS. It works perfectly well when store.type is phpsession, however as soon as I switch to sql, I start to get State information lost error. Backtrace: 2 /var/www/simplesamlphp/lib/SimpleSAML/Auth/State.php:263 (SimpleSAML_Auth_State::loadState) 1 /var/www/simplesamlphp/modules/saml/www/sp/saml2-acs.php:78 (require) 0 /var/www/simplesamlphp/www/module.php:137 (N/A)

Php can create and write SQL file just fine. When expecting Simplesaml log file, I get the following error:

Jul 18 11:51:30 simplesamlphp WARNING [cbe4bc385b] Invalid AuthToken cookie.

or

Jul 13 15:57:16 simplesamlphp WARNING [7ef540ac02] Missing AuthToken cookie.

What this might be? and why it works just fine when session store.type is phpsession and it doesn't work when store type is sql?

I have tried to 'session.cookie.domain' => '.example.org', setting to make sure it is my domain 'session.cookie.secure' => true or false doesn't make any difference either.

I am wondering if anyone had anything similar happening?

Answer 1

I had a similar problem, but I was stuck in a loop with indefinite redirection, the problem was that the cookies on Edge browser were not set properly which caused SimpleSamlPhp to send request to eIAM again, which caused a back and forth redirection loop.. This was a problem only in Edge browser, Version 109.0.1518.55, in Mozila worked fine. Solved it by setting

'session.cookie.secure' => true,

Section

Browsers with SameSite=Lax as default

https://simplesamlphp.org/docs/1.19/simplesamlphp-nostate.html

Answer 2

I came across this issue in Internet Explorer, I added header('X-UA-Compatible: IE=8'); to header.php in my theme.