Manually force Shibboleth SP to expire/invalidate all sessions

Michael A Grady mgrady at
Wed Feb 21 11:40:55 EST 2018

If the "bottom line" is to prevent a given user from continuing to use the service, and you are using Apache HTTPD as a reverse proxy, couldn't you add in "negated" group authorization in addition to the Shib-based authz rules? I.e. don't allow access to anyone that is a member of this group? Using whatever approach the given version of the Shib SP, and of Apache HTTPD, you are using: <>

> On Feb 21, 2018, at 10:33 AM, Tom Noonan <tom at> wrote:
> No worries, I appreciate the help in any case!
> --Tom Noonan II
> On Wed, Feb 21, 2018 at 11:30 AM, Peter Schober <peter.schober at <mailto:peter.schober at>> wrote:
> * Tom Noonan <tom at <mailto:tom at>> [2018-02-21 17:23]:
> > I'm not using memcached.  I think there is some confusion with another
> > thread.
> Indeed, apologies. I was referring to a hijacked thread that at one
> point changed its subject to "Shibboleth SP clustering using shared
> database", where someone wanted to cluster Apache httpd with Shib as a
> reverse proxy to another resource.
> That latter part is what caused me to chase you down a road you had no
> intention of going.
> -peter

Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the users mailing list