Shib with REST and AJAX Best Practices
Russell J Yount
rjy at cmu.edu
Tue Sep 13 13:16:47 BST 2011
We have some developers here using REST and AJAX together with Shibboleth. The problem of the JavaScript not understanding the 302 redirects that Shibboleth uses when re-authenticating has come up.
The group's solution has been to:
1) Change the sessions statement to look something like this:
<Sessions lifetime="28800" timeout="86400" checkAddress="false" relayState="ss:mem" handlerSSL="true">
The key here is setting the lifetime value lower than the timeout value.
2) Add the following directives to the httpd.conf file (they added them globally, but there is no reason it couldn't be done at a directory level I suppose):
Header unset ETag
Header set Cache-Control "max-age=0, must-revalidate"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
This seems to work for them. Is there a better way to handle this?
One possible alternative I have suggested would be to have the application manage its own session (using an authentication page protected by Shibboleth).
What is the best practice for this?
-Russ
Russell J. Yount rjy at cmu.edu
Identity Services, Carnegie Mellon University
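
Added example, not part of the original post and not Shibboleth's own code: a client-side check that tells a re-authentication redirect apart from a real REST answer, so the script can hand control to a top-level navigation instead of parsing a login page as data. The names classifyResponse, apiFetch, reauthenticate and fakeResponse are hypothetical, and it assumes the protected API always answers with JSON while the session is valid.

```javascript
// Added example. Assumption: a valid session always yields a JSON response.

// Decide what a fetch() Response from a Shibboleth-protected endpoint means.
function classifyResponse(resp) {
  // With redirect: 'manual' a browser returns an opaque redirect (status 0):
  // the SP tried to send the request to the IdP instead of answering it.
  if (resp.type === 'opaqueredirect') return 'reauth';
  // Clients that expose the raw 3xx see it directly.
  if (resp.status >= 300 && resp.status < 400) return 'reauth';
  // A followed redirect that ended on a non-JSON page is a login form, not data.
  const ctype = (resp.headers.get('content-type') || '').toLowerCase();
  if (resp.redirected && !ctype.includes('json')) return 'reauth';
  if (resp.status === 401 || resp.status === 403) return 'denied';
  if (resp.ok && ctype.includes('json')) return 'ok';
  return 'error';
}

// Wrapper for REST calls: never follows the 302 silently, and triggers a
// top-level navigation when the session has to be renewed.
async function apiFetch(url, { fetchImpl = fetch, reauthenticate } = {}) {
  const resp = await fetchImpl(url, {
    redirect: 'manual',
    credentials: 'same-origin',
    headers: { Accept: 'application/json' },
  });
  const verdict = classifyResponse(resp);
  if (verdict === 'reauth') {
    reauthenticate(); // e.g. () => window.location.reload()
    return null;
  }
  if (verdict !== 'ok') {
    throw new Error(`API call failed: ${verdict} (${resp.status})`);
  }
  return resp.json();
}

// Constructed stand-in for a Response object, used to exercise the logic offline.
function fakeResponse({ status = 200, type = 'basic', redirected = false, contentType = '' }) {
  return {
    status, type, redirected,
    ok: status >= 200 && status < 300,
    headers: { get: (n) => (n.toLowerCase() === 'content-type' ? contentType : null) },
    json: async () => ({ sample: true }),
  };
}
```
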