short-circuit SSO?
Russell Beall
beall at usc.edu
Mon Nov 19 12:19:21 EST 2012
I'm looking for the best way to shorten the lifetime or kill a session at the IdP when the login process is complete.
The use case is the shared workstation environment for sensitive services. Currently I can kill the previous session in my custom login handler when a new login is invoked, but actually I need to be able to set the session to expire in a short timeframe with a filter or something. From the looks of the Session object API, there is only a lifetime setting available on construction and it can't be changed thereafter.
Most services will receive an 8-hour lifetime, but for a subset of these, I would like to disable SSO, including the use of that existing session to log into other services that won't be using forceAuthn to route back through my custom login handler.
Any advice would be appreciated.
Regards,
Russ.
==============================
Russell Beall
Programmer Analyst IV
Enterprise Identity Management
University of Southern California
beall at usc.edu
==============================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121119/609728e5/attachment.html
More information about the users
mailing list