SP V3 client side session questions

Tom Noonan tom at joinroot.com
Wed Feb 21 11:40:53 EST 2018

This is a fork off my other thread "Manually force Shibboleth SP to
expire/invalidate all sessions" and is following up from the context
there.  I have some architectural questions about the V3 client session
support to be added under
https://issues.shibboleth.net/jira/browse/SSPCPP-775  (Please correct me if
this is the wrong ticket).

Per the other thread, and if my understanding is correct, this feature will
allow sessions to move from one SP to another.  I have a couple questions
I'd like to voice to understand how this will be set up and impact our
security stance:

- How will one SP know the session is valid from another SP?

- Will something (a cert I'm guessing) need to be shared between the SPs to
group them?

Please let me know, thank you!

--Tom Noonan II
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180221/5e67a375/attachment.html>

More information about the users mailing list