administratively terminate specific SP session

Cantor, Scott cantor.2 at
Wed Feb 21 12:37:08 EST 2018

> Given a session ID from the transaction log (eg.
> _ae7b9914292d19c02b6b632edc5e9383 with applicationId 'default' from
> AssertionID 'id-KS2cElqrTQ12UzCVm') is it possible to administratively
> terminate the SP session, preferably from the command line?

No, it's not.

> If not, will you entertain a feature request for such capability?

I'm willing (esp. if it's divorced from having to implement SAML administrative logout and let the IdP know) but it won't work with the client-side feature in V3 unless we come up with some ugly workaround like a session blacklist I guess.

What would make you *not* prefer doing this with the web server or application to block authz? That seems like a much better way to do it to me...

I hope you say persistent IDs... ;-)

-- Scott

More information about the users mailing list