As Richard noted, I suspect it's a cookie issue. Specifically I suspect it's the session ID cookie. I don't know if Shib will handle this appropriately (I think it doesn't) but to verify my assumption you could try adding the attribute cookies="false" to your <Context/> description (either in conf/context.xml or in a context deployment descriptor specifically for the IdP). Adrian Barker wrote: > Chad La Joie wrote: >> Adrian, maybe I missed it, but how are you performing the >> authentication? A Tomcat realm with form-based login? > > Yes, a form-based login page. Our Library wanted to be able to put links > and help information on the Shibboleth login page, rather than just have > the browser pop-up window. The problem is the same as the one Rhys Smith > describes, except that sometimes the login page is returned, rather than > the '408' error, and that it happens with IE 6. > > Adrian Barker. > > >> Adrian Barker wrote: >>> The problem on the 'mail-archives.apache.org' page was that the person >>> waited 30 minutes before authenticating, then received a time-out >>> message when using IE but a different message when using Firefox. The IE >>> problem that we have is different - we immediately see the time-out >>> message. We do use jsp for the authentication page, but it's not clear >>> why there is a problem with IE but not with Firefox. >>> >>> >>> Adrian Barker. >>> >>> >>> >>> Simon McLeish wrote: >>>> Hi Adrian, >>>> >>>> I suspect this is a tomcat problem not a Shibboleth problem - exactly >>>> the same question has come up in a non-Shib context at >>>> http:[log in to unmask] >>>> (though no helpful answer). But you might find the tomcat logs useful >>>> for diagnosis. If you've changed your tomcat configuration recently (or >>>> apache/mod_jk, if that's your current architecture), that might be the >>>> source of the problem. >>>> >>>> Cheers, >>>> Simon >>>> Adrian Barker wrote: >>>>> Is anyone having problems accessing Shibboleth resources using IE ? I >>>>> can access various Shibboleth resources via our IdP using Firefox, but >>>>> using IE, either the error: >>>>> HTTP Status 408 - The time allowed for the login process has been exceeded >>>>> >>>>> is returned, or the IdP login page. This is with the current version of >>>>> IE 6. >>>>> >>>>> >>>>> >>>> Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm > > -- Chad La Joie 2052-C Harris Bldg OIS-Middleware 202.687.0124