destroying user IdP session as part of profile intercept flow

Scott Koranda skoranda at gmail.com
Thu Feb 4 08:58:09 EST 2016


> On 2/3/16, 12:24 PM, "users on behalf of Scott Koranda" <users-bounces at shibboleth.net on behalf of skoranda at gmail.com> wrote:
> 
> 
> 
> >Is there an elegant way for a post-intercept flow to kill a
> >user's IdP session if it is deemed appropriate by the flow's
> >logic?
> 
> You can write an action that checks the SessionContext for a
> session and destroys it and then make sure to clear the
> field in the SessionContext, or just remove it. Provided
> there aren't bugs in other places, that should be innocuous
> to the rest of the system, and it certainly destroys the
> session.
> 

If I want to use a somewhat smaller hammer, is there any reason I
cannot look at the SubjectContext, find the mutable map of
authentication results it holds, examine the authentication
results to find one I am targeting, and then remove that one
from the map?

The goal is to use an intercept flow to invalidate an
authentication result that just happened so that it cannot be
used again until the associated authentication flow happens
again.

Thanks,

Scott K

