Reasons to use/not use HTML local storage?

[David Langenberg]

You might have an ace though Keith, if you're using Duo as your 2FA solution, then users have to use a JS enabled browser to support the web SDK integration.

Dave

> On Nov 30, 2015, at 2:36 PM, Wessel, Keith <kwessel at illinois.edu> wrote:
> 
> Thanks, Scott. Yes, that does, in fact, appear to be the case. I get an IDP error with this feature enabled when performing an SAML logout from my favorite non-Javascript browser (Lynx).
> 
> So, as you pretty much said, one must ask if they can require their users to have Javascript-capable browsers that can support HTML Local storage before enabling this feature and then publishing an SAML Logout endpoint in metadata.
> 
> As much as I'd like to assume everyone has a browser that can support this, I'm afraid our usability folks won't agree.
> 
> Keith
> 
> 
> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
> Sent: Friday, November 27, 2015 10:42 AM
> To: Shib Users <users at shibboleth.net>
> Subject: Re: Reasons to use/not use HTML local storage?
> 
> On 11/25/15, 5:29 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> 
> 
> 
>> That is what gets stored in the cookie (rather than the HTML local storage) if idp.session.trackSPSessions and idp.session.secondaryServiceIndex are enabled? Will it put as much into the cookie as will fit and it'll be hit or miss if SAML logout works?
> 
> No, it stores nothing, so I believe the IdP will return a failure response to the SP, but I haven't experimented much with it.
> 
> -- Scott
> 
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


--
David Langenberg
Identity & Access Management Architect
The University of Chicago