idp.session.enabled and shibboleth logout?
Cantor, Scott
cantor.2 at osu.edu
Wed Jun 15 16:50:06 EDT 2016
On 6/15/16, 1:43 PM, "users on behalf of Liam Hoekenga" <users-bounces at shibboleth.net on behalf of liamr at umich.edu> wrote:
>I have seen suggestions from IdP v2 to turn off the previousSession handler if deferring
> authn to an external SSO. I believe the equivalent in IdP3 would be setting
> idp.session.enabled to false.
Well, not exactly. I guess they overlap, but they certainly aren't the same thing. You can disable SSO in V3 by just using a really short authentication flow lifetime, but still have sessions.
The PreviousSession thing was sort of a weird hack that V2 used to implement SSO, but it's not really related to whether sessions are enabled or not. They're always on in V2.
>We're also interested in trying the updated SLO functionality in Idp 3.2.x, which appears
>to need session tracking enabled (so it knows which SPs to logout from). Presumably that
>requires the IdP session layer be enabled?
Yes.
-- Scott
More information about the users
mailing list