SP V3 client side session questions

Tom Noonan tom at joinroot.com
Wed Feb 21 12:48:42 EST 2018


> The ability to invalidate everything and everybody at once isn't actually
> disappearing because restarting the in-memory caches and just replacing the
> active key(s) will render any blobs in the wild unusable.

Cool.  If that's the case then I still have the emergency button I need
going forward. I appreciate all the help, thanks!

--Tom Noonan II

On Wed, Feb 21, 2018 at 12:27 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> If you have development questions, please move that to the dev list or
> just add comments to the JIRA issue.
>
> The mechanism is based on a shared AES key and AES-GCM encrypted data with
> a rolling key, same as the IdP uses. The ability to invalidate everything
> and everybody at once isn't actually disappearing because restarting the
> in-memory caches and just replacing the active key(s) will render any blobs
> in the wild unusable.
>
> -- Scott
>
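The behaviour described in the quoted reply, shown as an added Go example that is not part of the thread and is not Shibboleth code: a routine key roll keeps older keys so existing blobs still open, while replacing the whole key set leaves every issued blob unreadable. The `KeyRing` type, the key names, the nonce-prefixed blob layout and the use of the key name as associated data are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyRing maps key names to AES-256-GCM instances (hypothetical type).
type KeyRing map[string]cipher.AEAD

// Add installs a fresh random key under name; existing keys are kept.
func (r KeyRing) Add(name string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	block, err := aes.NewCipher(key)
	if err == nil {
		r[name], err = cipher.NewGCM(block)
	}
	return err
}

// Seal encrypts data under the named key and returns nonce||ciphertext||tag.
func (r KeyRing) Seal(name string, data []byte) ([]byte, error) {
	nonce := make([]byte, 12) // standard GCM nonce size
	if _, err := rand.Read(nonce); err != nil || r[name] == nil {
		return nil, fmt.Errorf("no key %q or no entropy", name)
	}
	return r[name].Seal(nonce, nonce, data, []byte(name)), nil
}

// Open authenticates and decrypts; it fails once the named key is gone.
func (r KeyRing) Open(name string, blob []byte) ([]byte, error) {
	if r[name] == nil || len(blob) < 12 {
		return nil, fmt.Errorf("unknown key %q or short blob", name)
	}
	return r[name].Open(nil, blob[:12], blob[12:], []byte(name))
}

func main() {
	ring := KeyRing{}
	ring.Add("k1")
	blob, _ := ring.Seal("k1", []byte("constructed session data"))
	ring.Add("k2")                          // routine roll: k1 is kept
	fmt.Println(ring.Open("k1", blob))      // plaintext bytes and a nil error
	fmt.Println(KeyRing{}.Open("k1", blob)) // key set replaced: blob rejected
}
```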
