Manually force Shibboleth SP to expire/invalidate all sessions

Cantor, Scott cantor.2 at
Wed Feb 21 10:38:17 EST 2018

> If the planned implementation uses timestamped sessions, which I
> imagine it would, then implementing this feature might be very easy and
> something I could submit a pull request for in the future.

If you look at the session cache code you'll see very quickly that nothing about it is easy.

> I'm also unfamiliar with the Shibboleth consortium and how to join it to
> officially raise my concerns, so by voicing my concerns here I'm also learning
> what I need to do to follow this project's flows.  So I guess my expectation is
> to discuss this need with the community, see what those who know more
> about this than I do say, and learn how to get it things considered that don't
> currently exist.

Asking for features is done with JIRA by filing issues or commenting on existing issues. Features that take a lot of effort or require a lot of consensus on approach are considered in light of the membership status or lack thereof of the person or organization asking, basically.

The client side support is really about reducing support burden. I can't support the clustering options that exist to the standard that I would expect of myself and so there needs to be one I can support. Unfortunately it's one that makes timeout and logout enforcement impossible in the bargain.

-- Scott

More information about the users mailing list