Manually force Shibboleth SP to expire/invalidate all sessions
Michael A Grady
mgrady at unicon.net
Wed Feb 21 12:52:43 EST 2018
> On Feb 21, 2018, at 11:17 AM, Peter Schober <peter.schober at univie.ac.at> wrote:
>
> 1] That's not a fix in case you have more than one SP to care about,
> of course, that one would require admin logout.
Not if you did it with an LDAP group membership, and all SPs included that authz block. Then you could change it in one place. Even with admin logout (unless you mean admin SLO logout starting at the IdP, I suppose that could, at least theoretically, get all SPs), if that was based at the SP, you'd need to do it SP-by-SP, right?
--
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180221/5b069fcb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://shibboleth.net/pipermail/users/attachments/20180221/5b069fcb/attachment.sig>
More information about the users
mailing list