Shibboleth SP3 Premature Session Expiration
michaeljkim at gmail.com
Wed Dec 19 09:42:10 EST 2018
The reverse proxy is behind an AWS load balancer and it seems to be coming from one of 2 addresses. When the address changes, it seems to reset the session.
Is there a way for the SP to not check the IP address? I had checkAddress = false. I didn’t specify consistentAddress. It seems the default for consistentAddress is true. Would that still cause the SP to check for the address?
> On Dec 19, 2018, at 9:39 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 12/19/18, 8:01 AM, "users on behalf of michaelangelo72" <users-bounces at shibboleth.net on behalf of michaeljkim at gmail.com> wrote:
>> Anyone figure out what can causes these sessions to be removed too soon?
> Usually logged in the native.log (syslog by default in V3) why it's removing them, but they're invalid. Probably client address change.
> -- Scott
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users