Shibboleth v3 - Session HA Questions
Cantor, Scott
cantor.2 at osu.edu
Wed Jul 1 18:52:06 UTC 2020
On 7/1/20, 2:45 PM, "users on behalf of prasanna cg" <users-bounces at shibboleth.net on behalf of prasannacgin at yahoo.in> wrote:
> Thanks Scott. I confirm that they are NOT sharing the encryption keys and do not use any delegated source for
> authentication as well. Pretty much a vanilla install. I am in fact able to reproduce the behavior not just through the LB
> but also by spoofing the IP directly from localhosts file. Is there a possibility that using a common ’store password’ for
> the DataSealer across all IDPs could be the reason ?
The password is irrelevant, they're simply to unlock keystores. Your description is simply impossible. Whatever you think "sharing keys" means is misunderstood or you're not in fact using different servers. The IdP doesn't magically know who you are. Even if it had a bug and wasn't prompting when it should, how would it possibly know who you were to be able to issue an assertion with the right identity in it? It's self-evident that this is impossible.
-- Scott