idp.session.consistentAddress and real security implications.
cantor.2 at osu.edu
Mon Apr 25 14:00:51 EDT 2016
> We do external authn and have gotten hit with this on the return to the IdP.
That would imply that the container session is itself unsafe. In which case, yikes, but additionally, it probably doesn't matter all that much whether you bind this cookie if that one isn't.
The IdP's session doesn't come into play at all for external authn (in V3).