donotcache and forceAuthn
Jeffrey Crawford
jeffreyc at ucsc.edu
Fri Aug 14 18:56:37 EDT 2015
If an SP makes a forceAuthn="true" request, we could ignore the fact that
there is an option of donotcache.
That being the case, the option could be removed from the login page if we
could inspect that kind of request.
Jeffrey E. Crawford
ITS Application Administrator (IdM)
831-459-4365
jeffreyc at ucsc.edu
Both pilots and IT professionals require training and currency before
charging into clouds!
---------------------------------------
On Fri, Aug 14, 2015 at 3:43 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 8/14/15, 6:37 PM, "users on behalf of Jeffrey Crawford" <
> users-bounces at shibboleth.net on behalf of jeffreyc at ucsc.edu> wrote:
>
> >There was a question around our campus regarding if it was possible to
> have the login page logic know if an SP requests forceAuthn and allow the
> login page not show the section of the form which sets donotcache. I didn't
> find anything however I'm sure I could have missed it as well.
>
> If an SP requests ForceAuthn, the form would be used, but remembering the
> result after that is relevant for the following requests, not that one. So
> there is by definition nothing it could look at. Whether *that* request
> included it would have nothing to do with the decision to remember it for
> the next SP.
>
> Or perhaps I'm not following your line of thought.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150814/2f8c2fc0/attachment.html>
More information about the users
mailing list