/mellon/postResponse does not create a session and the login flows entered an indefinite loop #27

Open
CHAORYU opened this issue Jul 22, 2020 · 4 comments

CHAORYU commented Jul 22, 2020

First, I'm sorry to hear that this project was closed. Really a sad story.
And here is my question:
I'm working with the Keystone federation function, and I chose mod_auth_mellon to help Keystone support the SAML protocol.
My problem is that when the flow goes to .../mellon/postResponse, this handler doesn't create a session for the user (that is, it does not set the cookie), and then the flow enters an indefinite loop between the IdP and the SP. I don't know why .../mellon/postResponse doesn't contain Set-Cookie in its response headers.
Help, thank you.

CHAORYU commented Jul 22, 2020

PS: this is the networking log file:
Archive 20-07-22 03-29-04.txt

CHAORYU changed the title from "/mellon/postResponse does not create a session and the login flows entered a indefinite loop" to "/mellon/postResponse does not create a session and the login flows entered an indefinite loop" on Jul 22, 2020

thijskh commented Aug 26, 2020

The project is not closed and quite alive.

After your login succeeds on postResponse you are redirected again to mellon/login. This is indeed not expected. However, this is hard to debug without any logging information or information about your configuration. It would likely help to enable Mellon diagnostics. Based on the logs you can probably make a start at finding out where the problem originates.


jrajax commented Sep 10, 2020

May or may not be related, but I once saw similar behavior (an indefinite loop between /postResponse and /login) when the users logged in at the IdP with a username casing different from what is stored in the app behind Mellon. We were using the SAML NameID as the username in the app behind Mellon, and since the IdP was case-insensitive on usernames, it happily put the wrongly cased username in the SAML assertion. This resulted in the case-sensitive app not finding the user and redirecting to the IdP, which found a valid session and sent the browser back to the app, etc.


a-n-d-i commented Oct 28, 2020

I had the same issue last week: worked fine on Ubuntu 20.04, moved the config to an 18.04, redirect loop. Upgraded the machine to 20.04 and it works like a charm. Maybe this helps with chasing the issue down or mitigating it.
