I have exactly the same issue as described in TID 7015780

The solution in TID is:


Added a tomcat filter that stripped the sid parameter coming into the SAML2 IDP server eg.

String sid = (String) session.getAttribute("sid");

if(sid != null)
httpReq.setAttribute("sid", sid);

Applying that to the IDP as a tomcat filter worked around the issue.


Does anybody knows what exactly is "tomcat filter"? I thought that
tomcat filters are defined in web.xml.
Or is that just part of jsp code which should be added to kerberos
fallback method jsp page?

thanks and regs s

sebastijan's Profile: https://forums.netiq.com/member.php?userid=271
View this thread: https://forums.netiq.com/showthread.php?t=56583