Univention Bugzilla – Bug 52873
SAML-Session stays alive after Browser is closed
Last modified: 2021-03-15 18:55:53 CET
This bug is related to https://forge.univention.org/bugzilla/show_bug.cgi?id=52353 which covers the issue from the UMC Session point of view (UMCSessionId). We require the same behaviour as requested in the referenced bug but also for the session provided from the SAML IdP that is identified by "SimpleSAMLSessionID".
Created attachment 10642 [details] chromium cookie expiration How can this issue be reproduced? In Chromium i see that the cookie is set to expire when the browser session ends, see screenshot. In the simplesaml config.php we configure 'session.cookie.lifetime' => 0,
Florian told me that https://forge.univention.org/bugzilla/show_bug.cgi?id=52353 requires a parallel bug for the SAML session as well. Actually I didn't verify that on the technical level before. But I can confirm that the SAML cookie is set as "session" cookie. So either this bug can be rejected or Florian can comment, if there was an understanding and this bug has a different scope. I'll notify him.
Erik is right. This is already implemented for the IDP side.