Shibboleth session vs Application session

Cantor, Scott cantor.2 at osu.edu
Tue Dec 16 15:05:36 EST 2014


On 12/16/14, 7:50 PM, "Eric Goodman" <Eric.Goodman at ucop.edu> wrote:
>
>Meaning that if you set an AuthenticationResults lifetime of 8 hours and 
>a timeout of 15 minutes (and the IdP session is set to at least 15 
>minutes), then authenticating to a different application every 10 minutes 
>would keep the authentication active for up to 8 hours?

I think that's true now. The difference is there's now a timeout you can 
set per-method to change how often you'd have to come back, without 
affecting the IdP session as a whole, which matters if you're trying to 
waste your time on logout. If the IdPSession goes, any hope of single 
logout is gone with it.

-- Scott



More information about the users mailing list