administratively terminate specific SP session
cantor.2 at osu.edu
Wed Feb 21 13:22:52 EST 2018
> But could I locate (and possibly remove) the session information from
> a suitable storage service, by interacting with the storage backend
> itself? (Returning to my cross-over topic of a clusterd memcached
> storage backend, even though introducing something like that solely to
> block subjects based on session IDs seems overkill.)
Yes, it's just the documented/undocumented problem. Without a supported API, we can change the storage format and break something doing that. Same reason I had to add an API for lockout mangagement in the IdP, manipulating the storage breaks the encapsulation.
But yes, it's a very easy to figure out storage layout.
More information about the users