Announcement Announcement Module
Collapse
No announcement yet.
How to Check whether a valid session is still existing at IDP? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to Check whether a valid session is still existing at IDP?

    I've implemented SSO using Spring Security SAML. Here is what currently working for me:
    When I try to access any resource at SP, I'm redirected to IdP(idp.ssocircle.com in my case) if I'm not logged in already. After successful authentication at IDP, I'm redirected back to SP and authorize the incoming SAML response and create a session for the respective user. Everything is fine till here! But when I log out from my IDP(by clicking logout from idp.ssocircle.com externally), I shouldn't be able to access my SP which is not happening in my case. Now what I'm thinking to do is may be write a new filter which checks for a valid session at IDP before processing any request on SP. I've searched a lot but couldn't find any solution to my problem.
    Please give inputs on how can I implement this filter or is there any other way of doing this(may be any existing Spring filter which can check for the session at IDP)? Any suggestions are appreciated.

  • #2
    There should be a filter on the security context chain called "samlLogoutFilter". You can configure that filter and the underlying beans or you can generate your own if you have more specific needs.

    Comment


    • #3
      See response to the same question at http://stackoverflow.com/questions/2...xisting-at-idp

      Comment

      Working...
      X