SSO and SimpleSAMLphp Configuration for CDNs

Please note: The below example relates to the Acquia Cloud Edge CDN. For details on troubleshooting redirect loops for Cloud Platform CDN, please see our Cloud Platform CDN documentation

A redirect loop can occur when a user tries to authenticate with SSO/SAML but because of the presence of a cache or CDN which is not set to bypass the cache on the presence of the SAML cookie(s).  SimpleSAMLPHP uses a cookie starting with 'SimpleSAML', so bypasing the cache for 'SimpleSAML.*' should avoid any issues. See below for an example Page Rule

Redirect loops can also be caused by a redirect switching from http to https, refer to the SimpleSAMLphp debugging documentation as well as the Troubleshooting SimpleSAML article.