SAML IdP session is not timely updated when a role is assumed or switchbacked

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.

https://goteleport.com

GNU Affero General Public License v3.0

16.95k stars 1.7k forks source link

SAML IdP session is not timely updated when a role is assumed or switchbacked #43620

Open flyinghermit opened 3 days ago

flyinghermit commented 3 days ago

Expected behavior:

Assumed roles are immediately applied to SAML IdP session.

Current behavior:

I have seen inconsistent behavior during my test. I noticed that some times assuming role and switching back is immediately reflected in SAML IdP session. Sometimes, it takes much longer, I had to wait for 2~ minutes at one point.

Bug details:

Teleport version: Tested in cloud version 15.4.4.