shibboleth-dev - IDP.ForceAuthn and SP.SLO implementation questions
Subject: Shibboleth Developers
List archive
- From: Peter Williams <>
- To: shib <>
- Subject: IDP.ForceAuthn and SP.SLO implementation questions
- Date: Fri, 12 Jun 2009 14:04:54 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
when the IDP processes a ForceAuthn=true request, given the user has an
existing IDP session and SAML session, does the subsequent issuance of a SAML
Assertion always start a new SAML session? Or does configuration control
whether the same SAML sessionid is cited, along with an PreviousSession
authcontext?
If I recall, the Shib2 SP is stateless (though has support for SLO).
does the SP support sp-initated SLO? (at least in principle)?
how long WOULD the SP retain SLO-related state?
In principle, is SLO state to be retained by an SP for the lifetime of the
SAML session?
if the SAML SP in question is dealing with SAML session of 24h (say), and is
receiving 60 transactions a second, that's alot of SLO state to retain. The
lifetime of the SAML session and the whether a SAML session might be "reused"
in that 24h by a given user are obviously factors in computing SLO state
management sizing.
- IDP.ForceAuthn and SP.SLO implementation questions, Peter Williams, 06/12/2009
- RE: [Shib-Dev] IDP.ForceAuthn and SP.SLO implementation questions, Scott Cantor, 06/12/2009
Archive powered by MHonArc 2.6.16.