Manually force Shibboleth SP to expire/invalidate all sessions

Michael A Grady mgrady at
Wed Feb 21 12:52:43 EST 2018

> On Feb 21, 2018, at 11:17 AM, Peter Schober <peter.schober at> wrote:
> 1] That's not a fix in case you have more than one SP to care about,
> of course, that one would require admin logout.

Not if you did it with an LDAP group membership, and all SPs included that authz block. Then  you could change it in one place. Even with admin logout (unless you mean admin SLO logout starting at the IdP, I suppose that could, at least theoretically, get all SPs), if that was based at the SP, you'd need to do it SP-by-SP, right?

Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the users mailing list