HttpSession Timeout - Return to Service Provider
Zmuda, Matthew R
Matthew.R.Zmuda at td.com
Tue Nov 1 18:06:28 GMT 2011
Hmm.. so what do I need to have to be able to get back to SP with some response? I thought Shibboleth stored data in HttpSession. So when HttpSession is invalidated I lose this data and can no longer get back to SP. Is that not true?
The underlying issue I might be having may be on my end.
Right now when I do some custom decoding via extension of org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder I put the SAMLMessageContext into HttpSession:
httpRequest.getSession(true).setAttribute("MySAMLCxt", samlMsgCtx);
And I use this in my application to flag that the authentication I am doing is for a SP. I'm doing this because I thought Shibboleth also put things in HttpSession. When invalidated I'm left with nothing and no way back to SP.
Is there another way in my IDP application I can tell that I am handling a SP AuthNRequest that does not involve HttpSession and allows me to go back to SP even if HttpSession expires?
Thanks very much. I think I may have had the wrong understanding of how this works.
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Chad La Joie
Sent: Tuesday, November 01, 2011 1:55 PM
To: Shib Users
Subject: Re: HttpSession Timeout - Return to Service Provider
There isn't any way you can feed custom SAML statuses back into the
IdP (which is fine since you can't rely on the SP showing them
anyways). But, you can certainly check to see if the HttpSession is
still valid when they submit the username/password.
Note though, the HttpSession is *not* the same thing as the IdP session.
On Tue, Nov 1, 2011 at 13:50, Zmuda, Matthew R <Matthew.R.Zmuda at td.com> wrote:
> Yes. So HttpSession will be invalidated because it expires.
> http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#invalidate%28%29
>
> In this case I don't want the user to be able to log in anymore, but I do want to return to SP with a custom SAML status that tells them the user's session expired on our end.
>
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Chad La Joie
> Sent: Tuesday, November 01, 2011 1:45 PM
> To: Shib Users
> Subject: Re: HttpSession Timeout - Return to Service Provider
>
> So, you mean someone went to the SP, they got redirected to the IdP,
> then walked away for some very long period of time, and came back and
> tried to complete the login process and you want to capture that?
>
> On Tue, Nov 1, 2011 at 13:42, Zmuda, Matthew R <Matthew.R.Zmuda at td.com> wrote:
>> When using External Authentication is it possible to return to the Service
>> Provider that sent the AuthNRequest after HttpSession expires?
>>
>> How can this be accomplished?
>>
>
>
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
--
Chad La Joie
www.itumi.biz
trusted identities, delivered