Shibboleth SP getting progressively slower

Martin Haase Martin.Haase at DAASI.de
Mon Nov 5 08:44:13 EST 2012 

Hi Scott,

sorry for resurrecting an old thread, however, I see another issue here,
besides having the possibility to have these two options
(maintainReverseIndex="false" or setting excludeReverseIndex).

Now I'm looking at logout, the reason for the reverse index to exist in
the first place. I have the default <Logout>SAML2 Local</Logout>
configured. When I explicitly call the /Shibboleeth.sso/Logout URL, it
very much seems that it is only the session itself and not the reverse
index belonging to the respective NameId being removed. I was doing a
load test including logout, and I see exactly the same behaviour as
without logout.

Just to confirm, is this correct? I'm a bit concerned, because *if* I
had an SLO compliant IdP, would there be no real SAML2 SLO of all active
sessions belonging to that user? Asking the other way round, why would
the SP, being unable to find a SLO URL at the IdP in my set-up, keep
itself from removing all sessions of the user?

Cheers,
Martin

Am 29.03.2012 17:19, schrieb Cantor, Scott:
>> There will be no fix as long as logout is a requirement, I'd have to redesign far
>> too much code to fix a minor problem that doesn't affect production
>> systems. I'll probably add an option to disable the storing of the information
>> when logout isn't used, or perhaps allow a blacklist of names to be treated as
>> monitoring IDs.
> Both of these enhancements are done.
> https://issues.shibboleth.net/jira/browse/SSPCPP-332
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

-- 
-----------------------------------------------------------------------
Dr. Martin Haase
DAASI International GmbH                   phone:     +49 7071 407109-6
Europaplatz 3                              Fax  :     +49 7071 407109-9
D-72072 Tübingen                           email: Martin.Haase at DAASI.de
Germany                                    Web  :   http://www.daasi.de

Directory Applications for Advanced Security and Information Management
-----------------------------------------------------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2345 bytes
Desc: S/MIME Kryptografische Unterschrift
Url : http://shibboleth.net/pipermail/users/attachments/20121105/25e3241f/attachment.bin

More information about the users mailing list