Terminate session if user does not accept terms&conditions

Cantor, Scott cantor.2 at osu.edu
Thu Jun 10 13:05:11 UTC 2021


On 6/10/21, 9:01 AM, "users on behalf of Oluf Færø" <users-bounces at shibboleth.net on behalf of ofa at klintra.fo> wrote:

>    The current behaviour may be an issue when a public computer is used to start a service provider initiated
> SAML2 login flow.

SSO is impossible to rely on for a public computer; this is merely the tip of that iceberg. What you would want to do at minimum is hardwire in the flag that always prevents session use there, but the most reliable fix is just hardwiring all the login flows to never persist; there's a condition to control that.

-- Scott



