Standardization of SSO implementation

zoe.glynn · August 27, 2020, 7:48pm

Shotgun has brought its support for SSO into line with the expected responsibilities of a Service Provider under the SAML2 protocol.

This means that it will no longer initiate an additional pop-up window, which was used to periodically re-validate the session with the Identity Provider.

Instead, with SSO configured, Shotgun will:

Only attempt to deal with the IdP at authentication time.
Comply with any max session age if specified in the SAML request to Shotgun, ending a user’s session after the specified time.
Present warning banners to the user, and the option to re-authenticate and seamlessly extend their session ahead of the expiry time (at most, 15 mins beforehand).

patrick-hubert-adsk · August 31, 2020, 10:46pm

Just to clarify this change:

it comes with Shotgun version 8.16.0.5225
the SSO/YAML config token saml_claims_renew_iframe_embedding_disabled is no longer needed/used
older versions of Shotgun (such as those used in local install) will still have the old behaviour.

Romey · September 4, 2020, 3:59pm

This is great. Thanks for continuing to improve the SSO integrations. For Enterprise customers this is very valuable!

christian.deiss · September 5, 2020, 12:36am

I agree with @Romey, thank you for improving this implementation. This is very helpful.

Topic		Replies	Views
Maintaining user identity from SSO, within web AMI for shotgun API (and more) Pipeline Integrations ami , security , sso	13	2342	February 13, 2021
Keep randomly asking to Log In, after SSO enabled for the site Flow Production Tracking	1	1718	October 17, 2019
Python API/Rest API and authentication with SSO enabled Pipeline Integrations rest-api , python-api , fptr-tk	18	10921	November 4, 2021
Mixed Auth, SSO/Shotgun Auth Flow Production Tracking	1	904	June 26, 2020
Renew session token after AuthenticationFault for custom sg implementation Pipeline Integrations	1	318	September 6, 2021

Standardization of SSO implementation

Related topics