When Ipsilon server is configured both with PAM and Kerberos login managers, no redirect back to the service provider happens if the user does not have a Kerberos ticket and just logs in via PAM (logon form).
The sequence of HTTP requests is:
GET /idp/saml2/SSO/Redirect?SAMLRequest=... 303 GET /idp/login?ipsilon_transaction_id=079... 303 GET /idp/login/krb/negotiate?ipsilon_transaction_id=079... 401
at which point the logon form is presented, and upon entering correct login and password
POST /idp/login/pam 303 GET /idp/ 200
I'd expect redirect back to SP to happen.
This is with ipsilon-tools-0.4.0-1.fc21.noarch.
This is a duplicate of ticket #74.
design_link: => resolution: => duplicate status: new => closed
Login to comment on this ticket.