idp.session.consistentAddress and real security implications.

Cantor, Scott cantor.2 at
Wed Apr 27 13:41:07 EDT 2016

On 4/27/16, 1:30 PM, "users on behalf of Jeffrey Crawford" <users-bounces at on behalf of jeffreyc at> wrote:

>​Can you elaborate on "stored data is on the server"? would this be "idp.session.StorageService = shibboleth.StorageService"

I'm speaking generally of any storage plugin that stores the data on the server.

>​Would this be the case if server being set to "idp.session.StorageService = shibboleth.ClientSessionStorageService"

That stores the data in a separate cookie or in local storage depending on other settings. All of that is decently documented now.

-- Scott

More information about the users mailing list