HttpSession Timeout - Return to Service Provider

Chad La Joie lajoie at itumi.biz
Wed Nov 2 13:34:26 GMT 2011


Yes.  If your login handler gets invoked, then the IdP has received a
message from an SP and completed its message validation and
pre-authentication processing.

On Wed, Nov 2, 2011 at 09:31, Zmuda, Matthew R <Matthew.R.Zmuda at td.com> wrote:
>
> Ok I think I see what you're saying.
> Good to know that HttpSession expiring does not affect Shib.
>
> So would it be fair to say if I can get a LoginContext via HttpServletHelper.getLoginContext in my application that I have successfully decoded the request and am talking to an SP?
>
>
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Chad La Joie
> Sent: Tuesday, November 01, 2011 4:10 PM
> To: Shib Users
> Subject: Re: HttpSession Timeout - Return to Service Provider
>
> On Tue, Nov 1, 2011 at 14:06, Zmuda, Matthew R <Matthew.R.Zmuda at td.com> wrote:
>> Hmm.. so what do I need to have to be able to get back to SP with some response? I thought Shibboleth stored data in HttpSession. So when HttpSession is invalidated I lose this data and can no longer get back to SP. Is that not true?
>
> No, the IdP does not use the HttpSession.
>
>> The underlying issue I might be having may be on my end.
>> Right now when I do some custom decoding via extension of org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder I put the SAMLMessageContext into HttpSession:
>>
>> httpRequest.getSession(true).setAttribute("MySAMLCxt", samlMsgCtx);
>>
>> And I use this in my application to flag that the authentication I am doing is for a SP. I'm doing this because I thought Shibboleth also put things in HttpSession. When invalidated I'm left with nothing and no way back to SP.
>
> Again, no, Shib has nothing to do with the HttpSession.
>
>> Is there another way in my IDP application I can tell that I am handling a SP AuthNRequest that does not involve HttpSession and allows me to go back to SP even if HttpSession expires?
>
> I still don't understand what you're asking.  The fact that you got a
> request and decoded it means, by definition, you're talking to an SP.
>
> Are you trying to disable SSO support?  Why do you care if the user's
> IdP session has expired and they need to authenticate again vs. being
> signed-in automatically because they have an IdP session?
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

