OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Informing SP about session invalidated in IDP

On Sat, Jan 18, 2014 at 1:00 AM, Phalguni Mukherjee
<phalgunimukherjee1007@gmail.com> wrote:
> I was trying to use SAML through SSO,my question is when a session becomes
> invalid in IDP, how does IDP notifies this to SP

Unlike newer cross-domain SSO solutions (such as OpenID Connect), SAML
has no session management built into the spec. Yes, an
*implementation* of SAML Web Browser SSO will have to deal with
sessions but the *specification* is silent on this point. As a
practical matter, session management is handled independently at the
IdP and SP (which is why SAML Single Logout doesn't really work).

> if I have multiple copy of
> SP sitting in geographically distributed region sitting behind a load
> balancer,how the message reaches a particular SP as the DNS name for all
> will be same.

Given the above, I think you can now see that that is irrelevant.

Hope this helps,


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]