Embedded Discovery Service and Cookie cacheExpiration

Dan McLaughlin dmclaughlin at tech-consortium.com
Sat Oct 22 01:28:54 BST 2011


We are using 2.4.3, so I had to put back the old 2.3-style chain.  I
added the Cookie SessionInitiator and it almost worked like we needed
it.  The problem we ran into next is that the _saml_idp cookie that
the DS sets is persistent, so the only way to forget your original IDP
selection is to kill your cookie manually.  The old behavior that we
were looking for was for the entity to only be remembered once they
successfully logged in.

By setting samlIdPCookieTTL=0 we now have a behavior where once you
select an IDP, you can't choose another IDP without closing your
browser.  But once you have successfully selected and logged into an
IDP, then you don't see the discovery service again until you clean
the _saml_idp cookie set by your IDP.  We now have the behavior
we were looking for and we are running the new EDS 1.01.

Thanks for the help Scott!  Have a great weekend.

--

Thanks,

Dan McLaughlin




On Fri, Oct 21, 2011 at 8:51 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> Not really. The SessionInitiator page in the docs describes all of the
> plugins supported. The Cookie plugin slides in at the beginning of the
> SessionInitiator chain and can automatically populate the entityID to use
> based on the _saml_idp cookie that the DS sets.

