Shibboleth SP3 Premature Session Expiration

Michael Kim michaeljkim at
Wed Dec 19 09:42:10 EST 2018

The reverse proxy is behind an AWS load balancer and it seems to be coming from one of 2 addresses.  When the address changes, it seems to reset the session.

Is there a way for the SP to not check the IP address?  I had checkAddress = false.  I didn’t specify consistentAddress.  It seems the default for consistentAddress is true.  Would that still cause the SP to check for the address?

> On Dec 19, 2018, at 9:39 AM, Cantor, Scott <cantor.2 at> wrote:
> On 12/19/18, 8:01 AM, "users on behalf of michaelangelo72" <users-bounces at on behalf of michaeljkim at> wrote:
>> Anyone figure out what can causes these sessions to be removed too soon?
> Usually logged in the native.log (syslog by default in V3) why it's removing them, but they're invalid. Probably client address change.
> -- Scott
> -- 
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list