Shotgun has brought its support for SSO into line with the expected responsibilities of a Service Provider under the SAML2 protocol.
This means that it will no longer open the additional pop-up window that was used to periodically re-validate the session with the Identity Provider (IdP).
Instead, with SSO configured, Shotgun will:
- Only interact with the IdP at authentication time.
- Comply with any max session age if specified in the SAML request to Shotgun, ending a user’s session after the specified time.
- Present warning banners to the user, with the option to re-authenticate and seamlessly extend their session ahead of the expiry time (at most 15 minutes beforehand).
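
The session handling described above can be sketched from the Service Provider side as follows. This is an added example, not Shotgun's code: it assumes the max session age arrives as the standard SAML2 `SessionNotOnOrAfter` attribute on `AuthnStatement`, that the assertion's signature has already been validated by the SAML library, and the function names and sample assertion are constructed for illustration.

```python
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
WARNING_WINDOW = timedelta(minutes=15)  # banner appears at most 15 minutes before expiry

# Constructed sample: only the element that carries the session lifetime.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z"
                       SessionNotOnOrAfter="2024-01-01T17:00:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a SAML xs:dateTime given in UTC with a 'Z' suffix."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def session_window(assertion_xml):
    """Return (start, expiry, banner_from); the last two are None if no limit is set."""
    # Assumption: assertion_xml was already signature-checked before reaching here.
    stmt = ET.fromstring(assertion_xml).find(".//saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("assertion has no AuthnStatement")
    start = parse_instant(stmt.attrib["AuthnInstant"])
    raw = stmt.get("SessionNotOnOrAfter")
    if raw is None:
        return start, None, None  # IdP imposed no max session age
    expiry = parse_instant(raw)
    if expiry <= start:
        raise ValueError("SessionNotOnOrAfter is not after AuthnInstant")
    # A session shorter than the warning window shows the banner from the start.
    return start, expiry, max(start, expiry - WARNING_WINDOW)


def session_state(now, expiry, banner_from):
    """Classify the session at time `now` as 'active', 'warn' or 'expired'."""
    if expiry is None:
        return "active"
    if now >= expiry:  # NotOnOrAfter: the expiry instant itself is already invalid
        return "expired"
    return "warn" if now >= banner_from else "active"
```
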