SP: updating attributes

Yuji Shinozaki ys2n at virginia.edu
Wed Aug 10 21:30:23 BST 2011


On Aug 10, 2011, at 4:08 PM, Cantor, Scott E. wrote:

> On 8/10/11 4:01 PM, "Yuji Shinozaki" <ys2n at virginia.edu> wrote:
>> 
>> We are using the Native SP via mod_shib and have a need to make sure that
>> the shibboleth attributes are updated with each visit to certain urls.
> 
> That isn't supported or on any road map. It's a completely different
> internal design.

I figured as much.  Thanks for verifying.

> 
>> It seems that with the native sp the only way to update the attributes is
>> via an authentication.  So one way it seems that we can accomplish what
>> we want is to reduce the <Session> lifetime to something very short, but
>> that reduces the session lifetime for all of the shibboleth applications
>> to which that <Session> applies.
> 
> A session only applies to one application by definition. You decide what
> resources are grouped into an application.

Ah.  Now I see there is a default Session declaration, but you can have different ones per application.

So we could map multiple shibboleth applications into our url space, some of which have a reduce session lifetime?

There is some question in my mind about handling nested the paths, but this still might be the most straightforward way of doing this.

Thanks!

yuji
----
Yuji Shinozaki
Technical Director, SHANTI
University of Virginia
http://shanti.virginia.edu
434-924-7171
ys2n at virginia.edu
----
"Computers are useless.  They only give you answers". --Pablo Picasso











More information about the users mailing list