RelyParty redirect URL
Christopher Bongaarts
cab at umn.edu
Thu Jul 2 15:59:34 UTC 2020
On 7/2/2020 10:57 AM, Cantor, Scott wrote:
> On 7/2/20, 11:20 AM, "users on behalf of Joseph Fischetti"<users-bounces at shibboleth.net on behalf of Joseph.Fischetti at marist.edu> wrote:
>
>> Is there any way to force the JSESSIONID to exist in the flowExecutionUrl (i.e. it doesn't always), or is it available as a
>> variable I can access in a velocity template?
> That's terrible security practice, but it won't matter anyway.
>
> It's already in a cookie, and if the cookie isn't sent back, nothing's going to work right anyway. And if the session is actually just expired, including it in the URL won't help.
>
> Whatever you're doing either isn't technically possible or it's relying on the session lasting long enough, which there's no guarantee of (but the timeout value is not up to the IdP, it's set by the container, and is changeable).
Does SameSite come into play in this situation?
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
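
An added illustration, not part of the original message or of Shibboleth's code: a simplified Python model of when a browser attaches a container session cookie such as JSESSIONID under the SameSite rules asked about above. The header strings, the `/idp` path and the function names are constructed for the example, and only the SameSite decision is modelled.

```python
# Added example: simplified model of browser SameSite handling for a
# container session cookie. All header values used with it are constructed.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def cookie_sent(header, cross_site, method="GET", top_level=True, lax_by_default=True):
    """Return True if the browser would attach the cookie to the described request.

    lax_by_default models browsers that treat a missing SameSite attribute as Lax
    and reject SameSite=None without Secure. Transitional, browser-specific
    exceptions are not modelled.
    """
    _, _, attrs = parse_set_cookie(header)
    mode = attrs.get("samesite", "").lower()
    if mode not in ("strict", "lax", "none"):
        mode = "lax" if lax_by_default else "none"
    if mode == "none" and lax_by_default and "secure" not in attrs:
        return False  # the browser rejects the cookie when it is set
    if not cross_site or mode == "none":
        return True
    if mode == "strict":
        return False
    # Lax: only cross-site top-level navigations that use a safe method
    return top_level and method.upper() in SAFE_METHODS


if __name__ == "__main__":
    plain = "JSESSIONID=abc123; Path=/idp; Secure; HttpOnly"  # constructed sample
    for method in ("GET", "POST"):
        print(method, "cross-site, no SameSite attribute:",
              cookie_sent(plain, cross_site=True, method=method))
```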