Login Stuck in Endless Redirect Loop - PhP - SimpleSAMLPhP

Hello!

I’ve spent the past week installing and configuring SimpleSAMLphp in my application to set up Okta as the IdP and my app/SimpleSAMLphp as the SP. I believe I’ve gotten my configuration right, but I’ve ended up in a spot that I’ve seen a few other people on these forums end up in: an infinite redirect loop. The other situations don’t quite match up perfectly with what I’m experiencing, and I haven’t been able to use the answers there to resolve my issues.

Resources I used in my configuration:
SimpleSAMLPhP docs
Okta SimpleSamlPHP Example

I’m working in a local environment and I’ve been able to successfully test my configuration using the SimpleSAMLphp interface. This app is built using the Yii framework.

Okta config:
SSO Url: https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/okta-local
(box checked for both recipient and destination URL being the same)
DestinationURL: https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/okta-local
DefaultRelayState: https://localhost/catchokta?saml_sso=okta-local

When I start the IdP-initiated flow, after the IdP (okta) authentication has occurred, a new tab is opened and I am directed to my application:

In my DevTools Network tab, I watch the following occur once you use the link to your "app" from your Okta home page:

GET to myorg.okta.com/home/STUFF - 302

GET to myorg.okta.com/app/STUFF - 302

GET to myorg.okta.com/app/STUFF/sso/saml - 200

START OF LOOP

POST to localhost/simplesaml/module.php/saml/sp/saml2-acs.php/okta-local - 303
(this POST contains a SAMLResponse as part of the form data)

GET to localhost/catchokta?saml_sso=okta-local - 302

GET to myorg.okta.com/app/STUFF/sso/saml?SAMLRequest=CHARACTERS - 200 OK

START OF NEXT LOOP

POST to localhost/simplesaml/module.php/saml/sp/saml2-acs.php/okta-local - 303
(this POST contains a SAMLResponse as part of the form data)

At my endpoint /catchokta, I have the following logic (pulled from the login flow of the Okta/PhP example):
```php
// The autoloader path and the $sp value are not shown in the post; both are assumed here.
require_once '/var/simplesamlphp/lib/_autoload.php';
$sp = 'okta-local';                          // SP entry configured in authsources.php

$as = new SimpleSAML_Auth_Simple($sp);
$as->requireAuth();                          // redirects to the IdP if not yet authenticated
$user = array(
    'sp'         => $sp,
    'authed'     => $as->isAuthenticated(),
    'idp'        => $as->getAuthData('saml:sp:IdP'),
    'nameId'     => $as->getAuthData('saml:sp:NameID')['Value'],
    'attributes' => $as->getAttributes(),
);
```

The call to ->requireAuth() is what’s triggering the redirect loop, and the $user = line never gets hit.

Has anyone run into this issue before? Any help or tips would be greatly appreciated.

In case anyone runs into this issue later, I haven’t figured it out - I’m still working through it, BUT, I’ve gotten some findings. I’m more and more confident the Okta config is correct, but it’s a mismanagement of session between my application and my SAML library, SimpleSAMLphp.

https://simplesamlphp.org/docs/stable/simplesamlphp-nostate
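As an added example (not the poster's code and not the Okta sample), here is a defensive version of the /catchokta handler: it stops after a few bounces and reports the two facts that usually explain this loop (whether the SimpleSAMLphp session cookie survived the ACS, and whether the app had already started its own PHP session), then releases the SimpleSAMLphp session before the application's session takes over. The autoloader path, the saml_loop_guard cookie name and the SimpleSAMLphp 1.x class names are assumptions; okta-local is the SP id from the post.

```php
<?php
// Added example (not the poster's code or the Okta sample): a /catchokta
// handler that breaks the ACS -> app -> IdP loop instead of redirecting
// forever, and reports the usual cause, the app's own PHP session clobbering
// the SimpleSAMLphp session. Assumes the SimpleSAMLphp 1.x autoloader path
// below and the default session cookie name 'SimpleSAMLSessionID'.
require_once '/var/simplesamlphp/lib/_autoload.php'; // assumed install path

const LOOP_GUARD_COOKIE = 'saml_loop_guard';   // hypothetical, app-specific name
const MAX_REDIRECTS     = 3;

$sp = 'okta-local';                            // SP entry from authsources.php
$as = new SimpleSAML_Auth_Simple($sp);

if (!$as->isAuthenticated()) {
    // A real login needs one pass through here. More than MAX_REDIRECTS means
    // the ACS accepted a SAMLResponse but the resulting session was gone by
    // the time this endpoint ran, so stop and report instead of looping.
    $bounces = (int) ($_COOKIE[LOOP_GUARD_COOKIE] ?? 0) + 1;
    if ($bounces > MAX_REDIRECTS) {
        header('HTTP/1.1 500 Internal Server Error');
        header('Content-Type: text/plain');
        echo "SAML login loop detected after {$bounces} redirects.\n";
        echo 'SimpleSAMLphp session cookie present: '
            . (isset($_COOKIE['SimpleSAMLSessionID']) ? 'yes' : 'no') . "\n";
        echo 'PHP session already started by the app: '
            . (session_status() === PHP_SESSION_ACTIVE ? 'yes' : 'no') . "\n";
        exit;
    }
    // Short-lived, Secure, HttpOnly: exists only to count the bounces.
    setcookie(LOOP_GUARD_COOKIE, (string) $bounces, time() + 120, '/', '', true, true);
    $as->requireAuth();                        // redirects to Okta, never returns
}

// Authenticated: drop the guard cookie, then read the identity.
setcookie(LOOP_GUARD_COOKIE, '', time() - 3600, '/', '', true, true);
$user = array(
    'sp'         => $sp,
    'idp'        => $as->getAuthData('saml:sp:IdP'),
    'nameId'     => $as->getAuthData('saml:sp:NameID')['Value'],
    'attributes' => $as->getAttributes(),
);

// Release SimpleSAMLphp's session before the application (Yii) starts its
// own PHP session; skipping this step lets the two sessions overwrite each
// other, which is exactly what the nostate document describes.
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();
```

If the report shows the SimpleSAMLphp cookie missing while the app's PHP session is already active, the fix is on the app side (start the framework session only after cleanup(), or give the two sessions distinct cookie names via session.cookie.name), not in the Okta configuration.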