MODLOGSAML-209 | Increase SSO maximumAuthenticationLifetime from 5 to 8 hours Released as mod-login-saml 2.9.4. This breaking change in the Single Sign On (SSO) login lifetime will likely violate the security policy of some institutions, in this case downgrade to mod-login-saml 2.9.3. | Describe issue impact on business
Institutions need to run mod-login-saml 2.10.1, the Sunflower version, in their Ramsons environment, to mitigate the logout problem MODLOGSAML-208. Impact on business: Institutions fear that the Sunflower version is not compatible with Ramsons resulting in bad feelings. What institutions are affected? (field “Affected Institutions” in Jira to be populated)
Institutions that run Ramsons, and that have a SSO IdP with an authentication lifetime longer than 5 hours. Chalmers and Massey. What is the workaround if exists?
a) Use mod-login-saml 2.10.1 and trust developers that it is fully compatible with Ramsons.
or
b) Use workarounds explained on  MODLOGSAML-208: 500 server error occurring when trying to login via SSOClosedPreview What areas will be impacted by fix (i.e. what areas need to be retested)
Login with SSO. Brief explanation of technical implementation and the level of effort (in workdays) and technical risk (low/medium/high)
Bump maximumAuthenticationLifetime, less than a workday effort, very low technical risk. Brief explanation of testing required and level of effort (in workdays). Provide test plan agreed with by QA Manager and PO.
Login with SSO. What is the roll back plan in case the fix does not work?
Use previous version.
|