I've got UAA connected to an Identity Provider using SAML. I've noticed that if the Identity Provider takes some time (in my case, 1 minute 40 seconds) to respond to the SAML request with a SAML response, then I get this error in UAA: "InResponseToField of the Response doesn't correspond to sent message..."

In the logs, I can see:
DEBUG --- HttpSessionStorage: Storing message a4g4f9f5259jb7ji12eah767h6e0i20 to session 82190965-9a09-4618-9c21-90a01cab7be5
But then it seems that that session no longer exists... Is there some sort of timeout that is deleting that HttpSession?