Standardization of SSO implementation

Shotgun has brought its support for SSO into line with the expected responsibilities of a Service Provider under the SAML2 protocol.

This means that it will no longer initiate an additional pop-up window, which was used to periodically re-validate the session with the Identity Provider.

Instead, with SSO configured, Shotgun will:

  • Only attempt to deal with the IdP at authentication time.
  • Comply with any max session age if specified in the SAML request to Shotgun, ending a user’s session after the specified time.
  • Present warning banners to the user, and the option to re-authenticate and seamlessly extend their session ahead of the expiry time (at most, 15 mins beforehand).


Just to clarify this change:

  • it comes with Shotgun version
  • the SSO/YAML config token saml_claims_renew_iframe_embedding_disabled is no longer needed/used
  • older versions of Shotgun (such as those used in local install) will still have the old behaviour.
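
An added illustration of the session behaviour described above (not Shotgun's code and not part of the original posts): how a Service Provider can derive the session end and the 15-minute warning window from an assertion. It assumes the max session age arrives as the standard SAML2 `SessionNotOnOrAfter` attribute on `AuthnStatement`; the function names and the sample assertion are constructed for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"
WARN_WINDOW = timedelta(minutes=15)  # "at most, 15 mins beforehand"

# Constructed sample (not real IdP output). In a real SP the assertion's
# signature must be verified before any attribute in it is trusted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2024-01-01T09:00:00Z">
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z"
                       SessionNotOnOrAfter="2024-01-01T17:00:00Z"/>
</saml:Assertion>
"""

def parse_saml_time(raw):
    """Parse an xs:dateTime value; SAML timestamps are expressed in UTC."""
    ts = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def session_expiry(assertion_xml):
    """Return the earliest SessionNotOnOrAfter found, or None if the IdP set none."""
    root = ET.fromstring(assertion_xml)
    expiries = [parse_saml_time(stmt.get("SessionNotOnOrAfter"))
                for stmt in root.iter(AUTHN_STATEMENT)
                if stmt.get("SessionNotOnOrAfter")]
    return min(expiries) if expiries else None

def session_state(expiry, now):
    """Classify the local session as 'active', 'warn' or 'expired'."""
    if expiry is None:
        return "active"    # no IdP limit; only the SP's own policy applies
    if now >= expiry:
        return "expired"   # "not on or after": the session ends at this instant
    if now >= expiry - WARN_WINDOW:
        return "warn"      # show the banner and offer re-authentication
    return "active"

if __name__ == "__main__":
    expiry = session_expiry(SAMPLE_ASSERTION)
    for hhmm in ((12, 0), (16, 50), (17, 0)):
        now = datetime(2024, 1, 1, *hhmm, tzinfo=timezone.utc)
        print(now.isoformat(), session_state(expiry, now))
```

The IdP is contacted only when the user chooses to re-authenticate; every other check is a local comparison against the stored expiry.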

This is great. Thanks for continuing to improve the SSO integrations. For Enterprise customers this is very valuable!


I agree with @Romey, thank you for improving this implementation. This is very helpful.

