postdata and Session timeout
Cantor, Scott
cantor.2 at osu.edu
Tue Feb 19 17:38:15 EST 2013
On 2/19/13 5:23 PM, "Robshaw, David A. (GSFC-423.0)[ASRC RESEARCH &
TECHNOLOGY SOLUTIONS]" <david.a.robshaw at nasa.gov> wrote:
>I have two applications authenticated with shibboleth. Activity using
>either application will extend my 'single' session. I log into App1. I
>access App2 (no login required as session was created by App1).
I don't know what app1 or app2 mean here, you're going to have to be more
precise in your description. If these were separate SPs, there's always a
login required, it just might not prompt. Still a round trip and they know
nothing about each other. Same goes for two applications with discrete
applicationIds on an SP.
> I continue activity in App2 beyond the point where App1 would normally
>have timed out. I then access App1 by submitting a form. I do not
>receive a re-authentication login request (expected due to the session
>activity of App2).
I wouldn't expect that at all, thus I don't know what you're doing.
>
> But the submitted form of App1 is interrupted by the
>postData/postTemplate shibboleth settings.
>
>Is this an expected result? I thought the postTemplate would only be
>invoked for re-authentication.
It's invoked to preserve data across a trip to the IdP, that's it. That's
what a SAML SP would term reauthentication.
>
>I am also having timeout issues. It seems my session timeout is set to
>30 minutes. I can use <Sessions timeout=x> to extend my session to
>longer than 30 minutes, but not shorter. This seems backward.
Well, it's not true. The timeout will be whatever you set it to, possibly
lowered by a SessionNotOnOrAfter from the IdP in the assertion.
-- Scott
More information about the users
mailing list