Hi,

We are having problems accessing protected resources. The situation is
as follows:

We have 4 IDS. The IDP URL is https://login.company.com/nidp
We have 4 LAGs. The ESP URL is https://esp.company.com. It is not a
dedicated ESP.

The URL of one of the applications is https://application.company.com.
These applications have protected resources.

Everything is balanced by VIPs of F5 devices.

When the ESP and the application are served by the same LAG everything
works OK.
When the ESP and the application are served by different AGs, the browser
enters an infinite loop:

https://application.company.com/
http://tinyurl.com/ck2e3ax
http://tinyurl.com/d5uthkb

<login form, and after authenticating>

https://login.company.com/nidp/idff/sso?sid=0
https://login.company.com/nidp/idff/sso?sid=0
http://tinyurl.com/bslykxc
https://application.company.com/
https://application.company.com/
http://tinyurl.com/ck2e3ax
http://tinyurl.com/cs778o7
http://tinyurl.com/bm3a4bw
https://application.company.com/

In the error log of the LAGs we can see this error:

Dec 13 12:52:49 SLINSSOAG10 SessionCacheD[3286]: RpcHandler - SESSION_CACHE_ASSOCIATE_AUTHID authId session collision!

We have not found anything about this error in the knowledgebase
database of NetIQ.

Do you have any reports of what this error means?

Many thanks,


--
jlmasmit