HttpSession Timeout - Return to Service Provider

Chad La Joie lajoie at itumi.biz
Tue Nov 1 17:55:06 GMT 2011


There isn't any way you can feed custom SAML statuses back into the
IdP (which is fine since you can't rely on the SP showing them
anyways).  But, you can certainly check to see if the HttpSession is
still valid when they submit the username/password.

Note though, the HttpSession is *not* the same thing as the IdP session.

On Tue, Nov 1, 2011 at 13:50, Zmuda, Matthew R <Matthew.R.Zmuda at td.com> wrote:
> Yes. So HttpSession will be invalidated because it expires.
> http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#invalidate%28%29
>
> In this case I don't want the user to be able to log in anymore, but I do want to return to SP with a custom SAML status that tells them the user's session expired on our end.
>
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Chad La Joie
> Sent: Tuesday, November 01, 2011 1:45 PM
> To: Shib Users
> Subject: Re: HttpSession Timeout - Return to Service Provider
>
> So, you mean someone went to the SP, they got redirected to the IdP,
> then walked away for some very long period of time, and came back and
> tried to complete the login process and you want to capture that?
>
> On Tue, Nov 1, 2011 at 13:42, Zmuda, Matthew R <Matthew.R.Zmuda at td.com> wrote:
>> When using External Authentication is it possible to return to the Service
>> Provider that sent the AuthNRequest after HttpSession expires?
>>
>> How can this be accomplished?
>>
>
>
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered
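
The session check suggested in the reply above, sketched as a servlet filter. This is an added example, not part of the original thread and not Shibboleth code; the class name, the error text, and the assumption that the filter is mapped in web.xml to the URL the external login form posts to are all hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: map it to the login form's POST URL (deployment-specific). */
public class ExpiredLoginSessionFilter implements Filter {

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        if ("POST".equals(req.getMethod()) && !hasLiveSession(req)) {
            // The submitted username/password is never evaluated once the session is gone.
            resp.setHeader("Cache-Control", "no-store");
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Your login session expired. Return to the service and start again.");
            return;
        }
        // Session still valid: let the existing login servlet handle the credentials.
        chain.doFilter(request, response);
    }

    /**
     * True only if the browser presented a session ID the container still accepts.
     * getSession(false) never creates a session, so an expired one is not silently
     * replaced by a fresh, empty one. This checks the container's HttpSession only,
     * which is not the IdP session.
     */
    static boolean hasLiveSession(HttpServletRequest req) {
        return req.getRequestedSessionId() != null
                && req.isRequestedSessionIdValid()
                && req.getSession(false) != null;
    }
}
```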

