Client address mismatch issue with multiple instances of Azure Application Gateway

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Client address mismatch issue with multiple instances of Azure Application Gateway

Aseem Keskar

Hi Shibboleth Team,


Shibboleth SSO is not working correctly hosted on Azure VM configured with two or more instances of Azure Application Gateway. It works absolutely fine with single instance of application gateway. But when we switch to two or more instance of Application Gateway, we get following error and warning.  Application should run with multiple instances of Application Gateway to meet the SLA requirement from Microsoft. Kindly note that each instance of application gateway has its own IP addresses.


<Data>Shibboleth.ServiceProvider [7952] iis_shib [default]: error during session lookup: Your IP address ( does not match the address recorded at the time the session was established.</Data>    


Application doesn’t work as expected due to this error of IP Address mismatch even after successful login into Shibboleth. Also, please find attached log for the detail. We have taken this log from our IIS Server where Shibboleth SP is installed.

Additionally, when we click on logout link, it throws error “<Data>Shibboleth.Application : LogoutInitiator handler at duplicate Location (/Logout) will not be processed for application (default)</Data>”. Please see the error detail in attached log file.

We are looking for your assistance here to fix this authentication issue for Shibboleth SSO.


Thanks and Regards,


Aseem Keskar
Group Manager – IT - WNS Global Services (P) Ltd |

Gate No 4, Plant 10 / 11 Godrej & Boyce Complex, Pirojshanagar, LBS MargVikhroli (West)Mumbai,Maharashtra,

IP: 67219|Direct: | Mobile: +919004427356 | Email : [hidden email]








  Connect with WNS  



To unsubscribe from this list send an email to [hidden email]

IP_Warnings.txt (2K) Download Attachment