Manually force Shibboleth SP to expire/invalidate all sessions

Peter Schober peter.schober at
Wed Feb 21 11:22:56 EST 2018

* Tom Noonan <tom at> [2018-02-21 16:44]:
> > Otherwise this is just logout
> No, it isn't.  I can have my SP session expire while still being
> logged in to my SAML provider.  If that happens I just get
> redirected to the IdP which immediately auths and redirects back.
> I'm not asking to log users out of the IdP, I'm looking to expire
> the cached SP sessions to require the SP to reauth against the IdP
> to ensure the user is still valid.

So what have you gained in that case? Nothing, unless the session the
browser has with the IDP is also terminated, i.e., logout?


More information about the users mailing list