Manually force Shibboleth SP to expire/invalidate all sessions

Peter Schober peter.schober at univie.ac.at
Wed Feb 21 11:22:56 EST 2018


* Tom Noonan <tom at joinroot.com> [2018-02-21 16:44]:
> > Otherwise this is just logout
> 
> No, it isn't.  I can have my SP session expire while still being
> logged in to my SAML provider.  If that happens I just get
> redirected to the IdP which immediately auths and redirects back.
> I'm not asking to log users out of the IdP, I'm looking to expire
> the cached SP sessions to require the SP to reauth against the IdP
> to ensure the user is still valid.

So what have you gained in that case? Nothing, unless the session the
browser has with the IDP is also terminated, i.e., logout?

-peter


More information about the users mailing list