Hi,

The Google Apps implementation of SAML doesn't allow for direct
communication between SP and IdP.  It uses HTTP bindings, i.e. it
relies on the browser to be the conduit of messages between SP and
IdP.  SAML is used very limitedly, only for sign in.  There isn't even
a sign out service.

One workaround is to launch Google Apps in a new window or tab, and
have a keep-alive web application which signs the user out (e.g.
forwards to a Google Apps sign out URL) if the IdP invalidates the
user.  It's not foolproof since the user could simply close the keep-
alive page.

-alex

On Mar 25, 7:35 am, swtet <[EMAIL PROTECTED]> wrote:
> When using SAML SSO, is there something that I can put in the response
> that will cause Google to validate the users identity again at a
> certain time?  As the identity provider, I keep track of inactivity so
> I would like the Google apps to check back on occasion to make sure
> the user is still valid.  Since I am fairly new to SAML, does this
> type of thing make sense to do or is there another way to accomplish
> this?  If this is not the SAML way, any explanation about that would
> be helpful as well.
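
The keep-alive workaround from the reply above, as an added example that is not part of the original thread and not Google's or any IdP's code. The status endpoint, its JSON shape `{active: boolean}`, the sign out URL placeholder and all function names are assumptions; the loop fails closed when the IdP cannot be reached.

```javascript
// Added example. URLs, the JSON shape {active: boolean} and all names are assumptions.
const IDP_STATUS_URL = "https://idp.example.com/session/status"; // hypothetical IdP endpoint
const APPS_SIGNOUT_URL = "https://apps-signout.example.invalid/"; // placeholder for the sign out URL
const MAX_FAILURES = 3; // consecutive failed checks tolerated before failing closed
const POLL_MS = 60000;  // interval between checks

// Fold one check result into the state.
// `result` is the IdP's answer, or null when the check itself failed.
function nextState(state, result) {
  if (result === null) {
    const failures = state.failures + 1;
    return { failures, signOut: failures >= MAX_FAILURES };
  }
  // Anything other than an explicit active === true counts as invalidated.
  return { failures: 0, signOut: result.active !== true };
}

// One poll of the IdP. fetchFn is injected so the logic runs in a browser or under Node.
async function checkOnce(state, fetchFn) {
  let result = null;
  try {
    // The session cookie must reach the IdP; host this page on the IdP's origin or allow CORS.
    const resp = await fetchFn(IDP_STATUS_URL, { credentials: "include", cache: "no-store" });
    if (resp.ok) result = await resp.json();
    else if (resp.status === 401 || resp.status === 403) result = { active: false };
  } catch (_) {
    // Network error or malformed JSON: counted as a failed check.
  }
  return nextState(state, result);
}

// Keep-alive loop: poll until the IdP session is gone, then send the Apps window to sign out.
async function keepAlive(fetchFn, signOutFn, sleepFn, maxChecks = Infinity) {
  let state = { failures: 0, signOut: false };
  for (let i = 0; i < maxChecks; i++) {
    state = await checkOnce(state, fetchFn);
    if (state.signOut) {
      signOutFn(APPS_SIGNOUT_URL);
      return "signed-out";
    }
    await sleepFn(POLL_MS);
  }
  return "still-active";
}

// Browser wiring (assumed): const apps = window.open(appsUrl);
// keepAlive(fetch.bind(window), u => { apps.location.href = u; },
//           ms => new Promise(r => setTimeout(r, ms)));
```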