Calling ProcessSAMLResponse() on SAML AuthN Response results in “Possible replay attack occurred as there is no login/logout information associated with this request” exception.
I am experimenting with the CF2021 SAML module but am stumbling and have been unable to find a solution. An exception is thrown when I call ProcessSAMLResponse() with the message:
Possible replay attack occurred as there is no login/logout information associated with this request.
The XML request and response objects look okay to me. InitSAMLAuthRequest() sends a valid Request to the IdP, the IdP works its magic and sends a valid Response back to the SP ACS.
For these tests I am using ColdFusion 2021 Standard Update 3. The SP Request Store is set to Default. Application Client and Session management is enabled.
I suspect that I am missing some very basic configuration setting or prerequisite that is either not documented or that has eluded me. I am guessing that InitSAMLAuthRequest() is not populating the cache with the data that ProcessSAMLResponse() is looking for but I do not yet know how to dive in and inspect those details further.
Any thoughts or suggestions?
I think this happened to me too. On IDP initiated sign in, it would throw that error, but for whatever reason, it won't if it is coming from the SP. So I threw everything inside a try catch and when it catches that error, I forward the user to the SP initiated sign in page and then it works fine.
Is anybody aware of a complete SAML code example with CF as the Service Provider? I have seen the code snippets of InitSAMLAuthRequest() and ProcessSAMLResponse() but not a complete HTML/CFML example. I must be missing something with the CF Application configuration or file permissions or something…
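A minimal ACS page that ties the two pieces together, covering both the try/catch-and-redirect pattern described in the earlier reply and the request for a complete CFML example. This is an added illustration, not code from this thread or from Adobe. It assumes "myIdP" and "mySP" are the IdP and SP names registered in the ColdFusion Administrator, that InitSAMLAuthRequest() and ProcessSAMLResponse() accept them as positional arguments, and that the returned struct carries a nameId key; verify each of those against the CF2021 documentation. Application.cfc must have this.sessionManagement = true, as the original post already notes.

```cfml
<!--- acs.cfm: Assertion Consumer Service page for a ColdFusion 2021 Service Provider.
      Added example, not from the original thread. Names "myIdP" and "mySP" are
      placeholders for the IdP/SP entries in the CF Administrator; the argument
      order and the nameId key are assumptions to check against the CF2021 docs. --->
<cfscript>
try {
    // Validates the AuthN Response against the request that
    // InitSAMLAuthRequest() cached in the SP request store.
    samlResult = ProcessSAMLResponse("myIdP", "mySP");

    // Only mark the session as authenticated after a successful validation.
    session.isAuthenticated = true;
    session.nameId = samlResult.nameId;   // key name assumed
    location(url="/home.cfm", addToken=false);
} catch (any e) {
    if (findNoCase("replay attack", e.message)) {
        // No cached request matched this response (typical of an IdP-initiated
        // login). Do not trust the assertion; log it and restart the flow as an
        // SP-initiated login so the request is cached before the response arrives.
        writeLog(file="saml", type="warning",
                 text="SAML response with no cached request: #e.message#");
        InitSAMLAuthRequest("myIdP", "mySP", "/home.cfm");
    } else {
        // Any other validation failure: log and send the user to an error page.
        writeLog(file="saml", type="error",
                 text="SAML response processing failed: #e.message#");
        location(url="/login-error.cfm", addToken=false);
    }
}
</cfscript>
```

The catch branch only ever restarts the login; it never sets session.isAuthenticated. The replay check exists so that a Response with no corresponding cached Request is rejected, so the safe response to that exception is to redo the SP-initiated exchange, not to accept the assertion anyway.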