short-circuit SSO?

Russell Beall beall at
Mon Nov 19 12:19:21 EST 2012

I'm looking for the best way to shorten the lifetime or kill a session at the IdP when the login process is complete.

The use case is the shared workstation environment for sensitive services.  Currently I can kill the previous session in my custom login handler when a new login is invoked, but actually I need to be able to set the session to expire in a short timeframe with a filter or something.  From the looks of the Session object API, there is only a lifetime setting available on construction and it can't be changed thereafter.

Most services will receive an 8-hour lifetime, but for a subset of these, I would like to disable SSO, including the use of that existing session to log into other services that won't be using forceAuthn to route back through my custom login handler.

Any advice would be appreciated.


Russell Beall
Programmer Analyst IV
Enterprise Identity Management
University of Southern California
beall at

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list