Thanks for the log. It doesn't show any obvious issues.
The code you attached is for the SSO session store rather than the ID cache. It's the ID cache where SAML assertion IDs are stored to detect replay attacks.
I suspect there's an issue with the ID cache implementation. I suggest setting a breakpoint to see what the Add method is returning. It should return true if the ID doesn't already exist in the cache. If it returns false, we'll throw the exception you're seeing.
There is no delete method in this interface. Instead, an expiry date/time is specified when an ID is added. The cache should remove the expired entries. Even if this wasn't working, you wouldn't get the exception you're seeing as each ID is unique. However, the cache would eventually fill with expired IDs.
Regards ComponentSpace Development
|