short-circuit SSO?
Paul Hethmon
paul.hethmon at clareitysecurity.com
Mon Nov 19 13:06:48 EST 2012
It seems like if you use your own Session object, you could stuff an
indicator in there that this session is shorter in the login handler. Then
the filter could kill the session, or maybe you could hook into the
session filter?
Paul
On 11/19/12 1:00 PM, "Russell Beall" <beall at usc.edu> wrote:
>That's what I see also.
>
>So, instead of manipulating the session, I believe there is a way to do a
>post-login filter, and I would like to use that to delete the cookies
>similar to the way our logout page works, but it would need to be past
>the point where the session needs to be referenced from those cookiesŠ
>Is that doable, or would that be too "hack"-ish and risky?
>
>Thanks,
>Russ.
>
>On Nov 19, 2012, at 9:50 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>
>> On 11/19/12 12:19 PM, "Russell Beall" <beall at usc.edu> wrote:
>>>
>>> I'm looking for the best way to shorten the lifetime or kill a session
>>>at
>>> the IdP when the login process is complete.
>>
>> As I said in another thread, I don't think there's a particularly clean
>> way to do it other than turning off PreviousSession and taking over SSO
>> either via external SSO or via custom login handler. I know how the
>> session gets created and used, and it's just too tied up in the
>> AuthnEngine and profile handlers.
>>
>> -- Scott
>>
>>
>> --
>> To unsubscribe from this list send an email to
>>users-unsubscribe at shibboleth.net
>
>--
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net
More information about the users
mailing list