The mailing list for listmasters using Sympa

[Mickey Bowling <address@concealed>]

Our environment:

OS: Amazon Linux 2 

Sympa 6.2.72

Apache 2.4.61

Shibboleth 3.4.1

We are using Shibboleth as the SP for Sympa application.   Our IDP is OKTA.  I have configured the Sympa OKTA application and Shibboleth to work using SAML2.   At the moment I am able to initiate SP authentication (via a login button on Sympa) which takes me to OKTA to authenticate, then pass back over to Sympa and ends up on the home page, but not as the authenticated user.  

I have also tried protecting the entire Sympa page by adding that as a protected directory.  Doing so redirects me to OKTA when I land on the Sympa page.   From there I am able to authenticate and it brings me back to Sympa landing page, but not as the authenticated user, but rather a non user.  If a user is not assigned the application in OKTA, then they immediately get a notification that they are not assigned the application.

Does this mean that Shibboleth is getting a valid session from OKTA and Sympa doesn't know how to process this session?