Manually force Shibboleth SP to expire/invalidate all sessions

Cantor, Scott cantor.2 at
Tue Feb 20 16:05:59 EST 2018

> So there's no way to expire out the known sessions in shibd?  That's really
> what I need, I don't need to logout users at the IdP level.

I assumed you wanted to expire specific sessions, and I wasn't talking about the IdP (but that said, of course, it's true that the SP has to trigger an IdP administrative logout, which we also don't yet support).

If you want to expire all of them, restarting shibd isn't even purely sufficient in the abstract if you're using another storage service, but in practice it usually would work now. There's no explicit means and adding client side session storage, which will be the default in V3, would defeat that.

-- Scott

More information about the users mailing list