administratively invalidate user's SSO session(s)

Cantor, Scott cantor.2 at osu.edu
Thu Jan 13 22:54:29 UTC 2022


On 1/13/22, 5:18 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:

> Got it. That’s actually somewhat helpful in resisting a demand to literally remove existing SSO sessions for a
> user via API.

If you have a developer that wants to reverse engineer what's involved, I can point them at the relevant bits. There's an admin flow that supports generic storage service CRUD operations (localhost of course by default, so it's not a threat), and then it's a matter of plowing into the session layout, which is somewhat documented in the design material.

-- Scott



