Standardization of SSO implementation

Shotgun has brought its support for SSO into line with the expected responsibilities of a Service Provider under the SAML2 protocol.

This means that it will no longer initiate an additional pop-up window, which was used to periodically re-validate the session with the Identity Provider.

Instead, with SSO configured, Shotgun will:

  • Only attempt to deal with the IdP at authentication time.
  • Comply with any max session age if specified in the SAML request to Shotgun, ending a user’s session after the specified time.
  • Present warning banners to the user, and the option to re-authenticate and seamlessly extend their session ahead of the expiry time (at most, 15 mins beforehand).


11 Likes
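An added example, not part of the original post and not Shotgun's code: a sketch of how a service provider can honour an IdP-specified session limit and the 15-minute warning window described above. It assumes the limit arrives as the standard SAML 2.0 `SessionNotOnOrAfter` attribute on `AuthnStatement` and that the assertion's signature was already verified; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumption: the session limit is carried in AuthnStatement/@SessionNotOnOrAfter.
AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"
WARN_WINDOW = timedelta(minutes=15)  # from the post: banner at most 15 mins before expiry

# Constructed sample assertion (signature, subject and conditions omitted).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2020-03-01T09:00:00Z">
  <saml:AuthnStatement AuthnInstant="2020-03-01T09:00:00Z"
                       SessionNotOnOrAfter="2020-03-01T17:00:00Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix, optional fractional seconds)."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC timestamp ending in 'Z': %r" % value)
    core = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in core else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(core, fmt).replace(tzinfo=timezone.utc)


def session_deadline(assertion_xml):
    """Return the earliest SessionNotOnOrAfter, or None if the IdP set no limit.

    Only call this on an assertion whose signature has already been validated.
    """
    root = ET.fromstring(assertion_xml)
    stamps = [s.get("SessionNotOnOrAfter") for s in root.iter(AUTHN_STATEMENT)]
    deadlines = [parse_saml_time(v) for v in stamps if v]
    return min(deadlines) if deadlines else None


def session_state(deadline, now):
    """Classify the session as 'active', 'warn' (offer re-auth) or 'expired'."""
    if deadline is None:
        return "active"   # no IdP limit; the SP's own session policy applies
    if now >= deadline:   # "NotOnOrAfter": the deadline instant itself is expired
        return "expired"
    if now >= deadline - WARN_WINDOW:
        return "warn"
    return "active"
```

Evaluating `session_state` on the server for every request, rather than only in the browser banner, keeps the expiry enforceable even if the client never re-authenticates.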

Just to clarify this change:

  • it comes with Shotgun version 8.16.0.5225
  • the SSO/YAML config token saml_claims_renew_iframe_embedding_disabled is no longer needed/used
  • older versions of Shotgun (such as those used in local install) will still have the old behaviour.

1 Like

This is great. Thanks for continuing to improve the SSO integrations. For Enterprise customers this is very valuable!

3 Likes

I agree with @Romey, thank you for improving this implementation. This is very helpful.

1 Like