SP client-side session storage and originating IdP
cantor.2 at osu.edu
Mon Aug 13 14:56:24 EDT 2018
> The docs say that you provide a list of attributes that you want to store in the
> cookie. I assume these are attribute friendly names as configured in the
> attribute map.
> I'm wondering what other non-attribute information gets stored in the cookie.
> Specifically, will another clustered SP node know the IdP that generated the
> assertion to be able to initiate a federated logout?
Yes, but inbound logout won't work reliably if the reverse mappings aren't clustered, which defeats the purpose in most cases so logout will be more unreliable than it already is.
More information about the users