nik

I have tried with 'store.type' => 'phpsession', but the error is the same. Cookie is not generated I thought cookie is always needed for correct working.... Are there any known...

I don't see any cookie in the header of the request that comes from my SP to the IDP. I do see this though Set-Cookie: PHPSESSID=7aaded9874f7e3d62b554b2cabf09900; path=/; domain=.multicerta.local; HttpOnly; SameSite=None...

I use the SAML chrome extension. This is the AuthRequest from my SP: http://api.multicerta.local https://www.spid.gov.it/SpidL2 This is the POST from the IDP: http://spid-saml-check.local:8010/demo 8j+nOZFBEiz7nI1Z/oMxMA00KPceYblKL+wrwDIsXrg= YrAWPTkDxUv7gM6nm9UiG7xTveFGxcjuVuC6oJtVFJSAHK3Jlr4PUbzEt6I7bYE1oVoD8gshUGGYc1HlYmEM0CWNk7r5saw4od5yxgh4ES4g/102dqSVDXSj9CDLqUdPLjN3mBusPQY5HFtg217WDhG/1hWD/7bVlCCJ6M3+FuuePqp91wBRcWRUWh2voo+LKERi94PBQWz8+zgJQkSRUE+P/l3oACXpnxdc77FkE2bz4ZtHpaDfnAmArggh4tz0iWGzq5gKNrhJ+RDQnJgi7wIcVGy9cuFWoALXamP+BORTl31hxRE9v7VYf95JpBGAMKom//nV93S0xxqTMAIk4w== MIIEGDCCAwCgAwIBAgIJAOrYj9oLEJCwMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdDAeFw0xOTA0MTExMDAyMDhaFw0yNTAzMDgxMDAyMDhaMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kJVo+ugRrbbv9xhXCuVrqi4B7/MQzQc62ocwlFFujJNd4m1mXkUHFbgvwhRkQqo2DAmFeHiwCkJT3K1eeXIFhNFFroEzGPzONyekLpjNvmYIs1CFvirGOj0bkEiGaKEs+/umzGjxIhy5JQlqXE96y1+Izp2QhJimDK0/KNij8I1bzxseP0Ygc4SFveKS+7QO+PrLzWklEWGMs4DM5Zc3VRK7g4LWPWZhKdImC1rnS+/lEmHSvHisdVp/DJtbSrZwSYTRvTTz5IZDSq4kAzrDfpj16h7b3t3nFGc8UoY2Ro4tRZ3ahJ2r3b79yK6C5phY7CAANuW3gDdhVjiBNYs0CAwEAAaOByjCBxzAdBgNVHQ4EFgQU3/7kV2tbdFtphbSA4LH7+w8SkcwwgZcGA1UdIwSBjzCBjIAU3/7kV2tbdFtphbSA4LH7+w8SkcyhaaRnMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdIIJAOrYj9oLEJCwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJNFqXg/V3aimJKUmUaqmQEEoSc3qvXFITvT5f5bKw9yk/NVhR6wndL+z/24h1OdRqs76blgH8k116qWNkkDtt0AlSjQOx5qvFYh1UviOjNdRI4WkYONSw+vuavcx+fB6O5JDHNmMhMySKTnmRqTkyhjrch7zaFIWUSV7hsBuxpqmrWDoLWdXbV3eFH3mINA5AoIY/m0bZtzZ7YNgiFWzxQgekpxd0vcTseMnCcXnsAlctdir0FoCZztxMuZjlBjwLTtM6Ry3/48LMM8Z+lw7NMciKLLTGQyU8XmKKSSOh0dGh5Lrlt5GxIIJkH81C0YimWebz8464QPL3RbLnTKg+c= ErrorCode nr21 or perhaps...

[SAMLChromeExport-.zip](https://github.com/simplesamlphp/simplesamlphp/files/9584212/SAMLChromeExport-.zip) Do you mean this?

[SAML-tracer-export-2022-09-16T13_47_32.913Z.zip](https://github.com/simplesamlphp/simplesamlphp/files/9584567/SAML-tracer-export-2022-09-16T13_47_32.913Z.zip) What about this? in application log I see this: Sep 16 13:46:52 simplesamlphp DEBUG [2b8a6189e1] Session: 'service' not valid because we are not authenticated. Sep 16 13:46:52 simplesamlphp DEBUG...

There is no reverse proxy, containers communicate directly through internal docker compose network Consider that the same setup works if I enable https on both parts with the same configuration

Well .. it's not entirely true .. actually I do have traefik installed but I don't see how it can be involved in this problem ...

I have already that setted: 'baseurlpath' => 'http://api.multicerta.local/multicerta-spid/',

No excuse me perhaps I did not explain myself clearly. Now my SP is in http. I meant that if I use both SP and IDP in https everything works...

Based on your experience this is something that the library could support? I mean use it with plain http?