[Ext] Shib session question
Nate Klingenstein
nate.klingenstein at utah.edu
Mon May 23 16:54:57 EDT 2016
Works fine when the first SAML response is sent to our service, but when the user returns to their application, switches users and sends us a new SAML assertion, their original session seems to persist and the new response is ignored. This results in the second user utilizing the first user's token.
Do you know what the implementation is? If it’s Shibboleth IdP v2.x, switching of principals during a single session was never a use case that the IdP was designed for, and it results in the behavior you’ve experienced. IIRC, it’s down to session management and result caching, but I don’t really recall.
The same question came up for IdPv3 recently.
http://comments.gmane.org/gmane.comp.web.shibboleth.user/46927
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160523/47a66b04/attachment.html>
More information about the users
mailing list