Baama
Reputation: 2642
pac4j saml changes session (creates new one) during callback
So I use both pac4j saml and pac4j oidc. I noticed that the saml implementation does not maintain the session on-callback; a new one is created so I lose the state stored in the session store for that session.
Is this a known bug? I am using pac4j-saml version 5.7.7
Upvotes: 0
Views: 30
Answers (1)
jleleu
Reputation: 2699
To prevent some kind of session hijacking, the session is renewed on callback, but this can be disabled via the renewSession setting.
Upvotes: 0
Related Questions
- Pac4j-core: DefaultAjaxRequestResolver.buildAjaxResponse return as null during Keycloak and Shiro integration in Apache Zeppelin
- Change the value of RelayState in SAML pac4j in vertx
- Using a web application as SP with vertx and pac4j with SAML does not logout correctly
- ID token is cleared during storage to session
- Disabling the session store with pac4j-saml?
- pac4j raises "State cannot be determined" after OIDC callback and Keycloak provider
- pac4j saml generate sp metaData
- pac4j /callback endpoint anonymous?