Working on SSO in ColdFusion 2021 Cluster environm...
# cfml-general
e
Working on SSO in a ColdFusion 2021 cluster environment with 2 instances, getting the following error when attempting to log in via SSO more than once. I believe this is related to SAML Ehcaching, but I'm not finding any documentation on this. Error message: "Possible replay attack occurred as there is no login/logout information associated with this request." Has anyone experienced this or know how to resolve it? Thanks in advance.
p
Check the exception and application logs; also test after clearing your cache on the servers
Might also want to verify that your multiple login attempts are consistently sending the same request info necessary for the request to succeed
aka is something different being sent because you are already signed in
e
Hi Patrick, I've checked the logs, not seeing anything except the error message mentioned. Same user attempting to log in, sending the same IDP and SP and redirected to the same ACS URL. The error occurs when getting the response from the IDP and using the ProcessSAMLResponse(IDP, SP) function. It will work once, then fails afterwards. When initiating the second login attempt, the IDP doesn't require my username since I'm still logged into the system. That might be part of the issue, as the SSO response struct's authenticated and loginID are not present. Form post info is provided. I'll keep digging. Thanks
p
yea that seems to be part of the problem
b
A number of developers have reported the same error in the Adobe ColdFusion forum.
e
FYI, I was able to get SSO working in a ColdFusion cluster environment by allowing SAML Cache Replication in <instance>/lib/auth-ehcache.xml. I would like to be able to transfer 509 certs between environments. When using a signed 509 cert for the Service Provider (CF generated), the listed password to open that keystore doesn't work. Is there a step I'm missing? Keystore = signKeystorePath. signkeystorePath is listed in the neo-saml.xml file.