Calling ProcessSAMLResponse() on SAML AuthN Response results in “Possible replay attack occurred as there is no login/logout information associated with this request” exception.
I am experimenting with the CF2021 SAML module but am stumbling and have been unable to find a solution. An exception is thrown when I call ProcessSAMLResponse() with the message:
Possible replay attack occurred as there is no login/logout information associated with this request.
The XML request and response objects look okay to me. InitSAMLAuthRequest() sends a valid Request to the IdP, the IdP works its magic and sends a valid Response back to the SP ACS.
For these tests I am using ColdFusion 2021 Standard Update 3. The SP Request Store is set to Default. Application Client and Session management is enabled.
I suspect that I am missing some very basic configuration setting or prerequisite that is either not documented or that has eluded me. I am guessing that InitSAMLAuthRequest() is not populating the cache with the data that ProcessSAMLResponse() is looking for but I do not yet know how to dive in and inspect those details further.
Any thoughts or suggestions?
I think this happened to me too. On IdP-initiated sign in, it would throw that error, but for whatever reason, it won't if it is coming from the SP. So I threw everything inside a try/catch and when it catches that error, I forward the user to the SP-initiated sign in page and then it works fine.
Is anybody aware of a complete SAML code example with CF as the Service Provider? I have seen the code snippets of InitSAMLAuthRequest() and ProcessSAMLResponse() but not a complete HTML/CFML example. I must be missing something with the CF Application configuration or file permissions or something…
It's pretty new so there's not much out there, but this is the best one I have found: http://ciacfug.org/blog/round-trip-from-coldfusion-to-okta-using-saml-and-coldfusion-2021b
Justin, I want to share for you and others here that sadly that ciacfug.org site (Central Illinois Area CFUG) seems to have been lost to hackers (at least as I try that URL today). Here is a link to the post via the good ol’ Internet Archive/Wayback Machine.
Also, there was a useful post from Adobe from around the time of CF2021’s release (with working example code, which I can confirm does work).
I know these are not addressing the problem Yummy raised in the original post here, but it is addressing the subsequent question of examples of it working.