idp.session.consistentAddress and real security implications.

Jim Fox fox at
Mon Apr 25 13:48:16 EDT 2016

>> We've been getting increasing complaints, especially from mobile users that
>> move between 4G/3G and wifi, that they are loosing their IdP SSO sessions.
> The consequence being (leaving logout aside) that they have to login more, but nothing actually breaks, right?

We do external authn and have gotten hit with this on the return to the IdP.


More information about the users mailing list