shibboleth-dev - Re: [Shib-Dev] Steps towards SLO
Subject: Shibboleth Developers
List archive
- From: Kristof BAJNOK <>
- To:
- Subject: Re: [Shib-Dev] Steps towards SLO
- Date: Wed, 15 Jul 2009 21:07:00 +0200
- Organization: NIIF Institute
On Wednesday 15 July 2009 Scott Cantor wrote:
> >>> association forever. If the SP session could be limited to be shorter
> >>> than the IdP session, that would be sufficient, but AFAIK there is no
> >>> limit in the SP session lifetime provided that there is regular user
> >>> activity.
>
> That's what SessionNotOnOrAfter is for. It is not true that user activity
> indefinitely extends the session. That's a "lifetime" issue. Activity
> affects timeout behavior only. SessionNotOnOrAfter caps the session
> lifetime.
Yup, I'd better check the docs closer next time... :/
BTW, is there a way for the IdP to insert SessionNotOnOrAfter into the
AuthnStatement to control SP session lifetime?
So a federation that wants to 'support' SLO needs at least mandate the
minimum length of inactivity timeout in the IdPs to be longer than the
maximum allowed SP session lifetime. Good to write up on the post-it of
requirements. Why am I thinking it's not the last one?
Thanks for the clarification. I really appreciate your help with
our 'guerilla' development. I know that supporting users is not as bad as
dealing with friendly developers. ;)
Kristof
--
Kristof BAJNOK
Systems Engineer / Middleware
NIIF / Hungarnet
Hungary
- Steps towards SLO, Kristof BAJNOK, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Chad La Joie, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Adam Lantos, 07/15/2009
- RE: [Shib-Dev] Steps towards SLO, Scott Cantor, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Kristof BAJNOK, 07/15/2009
- RE: [Shib-Dev] Steps towards SLO, Scott Cantor, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Peter Schober, 07/15/2009
- RE: [Shib-Dev] Steps towards SLO, Scott Cantor, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Peter Schober, 07/16/2009
- RE: [Shib-Dev] Steps towards SLO, Scott Cantor, 07/16/2009
- Re: [Shib-Dev] Steps towards SLO, Peter Schober, 07/16/2009
- RE: [Shib-Dev] Steps towards SLO, Scott Cantor, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Kristof BAJNOK, 07/15/2009
- RE: [Shib-Dev] Steps towards SLO, Scott Cantor, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Adam Lantos, 07/15/2009
- Re: [Shib-Dev] Steps towards SLO, Chad La Joie, 07/15/2009
Archive powered by MHonArc 2.6.16.