User induced session stomping?

Chad La Joie lajoie at itumi.biz
Mon Aug 27 12:04:01 EDT 2012


The SSO login handlers have code that looks for these types of
conditions, and I believe the OP condition is checked for.  I don't
recall if it gives a specific exception that you could catch or if it
just logs differently.

On Mon, Aug 27, 2012 at 9:00 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 8/27/12 11:58 AM, "Chad La Joie" <lajoie at itumi.biz> wrote:
>
>>In theory, I think so.  I don't believe the IdP does do that, however.
>> In the case you noted you'll have one login context with a completed
>>authentication recorded.  In the case of the OP, you end up with
>>multiple login contexts none of which has completed.
>
> Yeah, I didn't think the IdP today did, just wondering if it was possible
> with the brute force error message testing I do. Mostly I wondered how
> Kevin knew that *that* was the cause of the error his users saw.
>
> -- Scott



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

