There is a bug in the SAML module. A fix is needed in the Java code. Unfortunately I am not able to sign in to the support portal to get you the code fix (unable to sign in for some reason). But if you call them you probably could get the same fix as I got from Jaap Pulleman.
I have been working with him the last week to solve this bug.
Regards,
Ronald
[EDIT]
The funny part is that the SSO is not working right now in the support portal. Could be the same bug :)
[EDIT2]
I found the code. It is in the SessionManager.java (SAML/implementation/security) Look at line 200 the new code is this:
UUID sessionIdTMP = samlSession.getSessionId(), sessionId = session.getId();
// Remove the old sessionId reference from the map
if (sessionIdTMP!=null){
this.activeSessions.remove(sessionIdTMP);
}
this.activeSessions.put(sessionId, samlSession);
_logNode.trace("Updating User session: '" + samlSession.getIUser().getName() + "', from SessionId: " + sessionIdTMP + " to " + sessionId);
Yes, Ronald is correct that this is a known issue. We have just released version 1.6.1 to the AppStore, which should resolve it.