Spring SAML integration with WSO2 Identity server, SAML Message ID not recognised

Backend · Unresolved · 1 · 1954
予麋鹿 2020-12-17 01:43

I have taken the Spring SAML example (see section 4.2 in this guide) which works with the Open source login page SSO, and tried to add support to use WSO2 Identity Server as

1 answer
  • 2020-12-17 02:06

    Both Spring SAML and your IDP WSO2 server are deployed on the same domain - localhost. This is what happens:

    • Spring SAML creates an HTTP session (JSESSIONID - 82F3ECD1A1E4F9B7DB0134F3129267A5) and initializes single sign-on
    • WSO2 accepts the request and authenticates the user, but creates its own session (JSESSIONID - C34B21931C53080487B5B9BA6EB490D2) and redirects the user back to Spring SAML
    • The container running Spring SAML receives the cookie with JSESSIONID (C34B21931C53080487B5B9BA6EB490D2), but as it doesn't recognize such a session it creates a new one (E712A8422009613F6FD3901327690726)
    • Spring SAML tries to verify the received SAML message based on the original request, but it cannot be found because the original session is now gone

    The easiest way to fix this is to change the session cookie name for Spring SAML or WSO2. You could also deploy your applications on different domains (for example by giving your localhost an alias in the hosts file - /etc/hosts or %systemroot%\system32\drivers\etc\hosts)

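To make the failure mode in the answer reproducible without two running servers, here is an added simulation (not code from the original post, Spring SAML or WSO2) of a browser cookie jar plus an SP and an IdP on the same host. The `Server`, `CookieJar` and `sso_round_trip` names, the `sp.local` alias and the `SPSESSION` cookie name are all constructed for the example; it models the two fixes the answer gives (a distinct cookie name, or a distinct hostname) and shows that either one lets the SP find its original request again.

```python
# Added example: a minimal model of the session-cookie collision described in
# the answer. Cookies are keyed by (host, name) only; ports are deliberately
# ignored because browsers do not isolate cookies by port, which is why two
# servers on "localhost" clobber each other's JSESSIONID.
import secrets

class CookieJar:
    def __init__(self):
        self.cookies = {}  # (host, cookie name) -> value

    def set(self, host, name, value):
        self.cookies[(host, name)] = value  # same (host, name) overwrites

    def get(self, host, name):
        return self.cookies.get((host, name))

class Server:
    """A session-bound server; cookie_name is its session cookie name (hypothetical)."""
    def __init__(self, host, cookie_name):
        self.host, self.cookie_name = host, cookie_name
        self.sessions = {}  # session id -> per-session state

    def session(self, jar):
        sid = jar.get(self.host, self.cookie_name)
        if sid not in self.sessions:          # missing or unknown id -> new session
            sid = secrets.token_hex(16)
            self.sessions[sid] = {}
            jar.set(self.host, self.cookie_name, sid)
        return self.sessions[sid]

def sso_round_trip(sp, idp, jar):
    """Return True if the SP can match the SAML Response to its own AuthnRequest."""
    request_id = "_" + secrets.token_hex(8)
    sp.session(jar)["pending_request_id"] = request_id   # SP starts SSO, remembers ID
    idp.session(jar)["authenticated_user"] = "alice"     # IdP logs the user in
    in_response_to = request_id                          # InResponseTo on the Response
    # The SP must find the original request in whatever session the browser now presents
    return sp.session(jar).get("pending_request_id") == in_response_to

def demo():
    broken = sso_round_trip(Server("localhost", "JSESSIONID"),
                            Server("localhost", "JSESSIONID"), CookieJar())
    renamed = sso_round_trip(Server("localhost", "SPSESSION"),
                             Server("localhost", "JSESSIONID"), CookieJar())
    aliased = sso_round_trip(Server("sp.local", "JSESSIONID"),
                             Server("localhost", "JSESSIONID"), CookieJar())
    return broken, renamed, aliased   # (False, True, True)
```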