Does Shibboleth SP support HTTP POST redirect using status code 307?
wlee007-m at yahoo.com
Fri Feb 16 01:04:27 EST 2018
Can SP pass the value of session expiry time to backend?
On Tuesday, February 13, 2018, 7:42:55 PM EST, Cantor, Scott <cantor.2 at osu.edu> wrote:
> Another way to do it is for the application itself to keep track of its state,
> which is how we do it in our AngularJS apps. Well, we do a few things.
> (We're not dealing with a Shibboleth SP, but we still have to deal with the
> situation where a session -- in our case, an OAuth access token -- has
That was my meaning in saying "take over the session management", it has to be something the app deals with instead of leaving it to involuntary behavior.
> (Our model would be more like what Scott suggests, where you don't use
> the SP for session management. Use lazy sessions, and your backend can
> signal back to the AngularJS app when the session has expired and it's time to
> do re-auth.)
>From an SP perspective, yes, the passive behavior allows a fair amount of continued reuse of the SP machinery, but you can control when the redirects actually happen.
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users