The Session Server stores data for the following federation features:
SAML artifact authentication--when artifact authentication is used (SAML 1.x or 2.0), the assertion generator produces a SAML assertion along with an associated artifact that identifies the generated assertion. The artifact is returned to the consumer/Service Provider, while the assertion is stored by the Session Server until the artifact is used to retrieve the assertion.
Note: SAML POST profile authentication does not store assertions in the Session Server.
Single logout--with SAML 2.0 single logout enabled, information about the user's session is stored in the Session Server by the assertion generator and the authentication scheme. When a single logout request is completed, the user's session information is removed from the session store.
Sign-out--with WS-Federation sign-out enabled, the WS-Federation authentication scheme puts some context information into the Session Server so that a Sign-Out request can be generated. When a sign-out request is completed, the user's session information is removed from the session store.
Single use policy--a single use policy is enabled for SAML 2.0 and for WS-Federation by a storage mechanism called expiry data, which is time-based data about the assertion stored by the authentication scheme in the Session Server. Expiry data storage ensures that a SAML 2.0 POST or WS-Federation assertion is used only once.
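
The single use policy described above can be pictured as a replay cache. The following is an added example, not code from the product: the class name ExpiryDataStore, the in-memory dictionary standing in for the session store, and the choice of the assertion ID and its NotOnOrAfter time as the stored expiry data are all assumptions.

```python
import threading
import time


class ExpiryDataStore:
    """In-memory stand-in for expiry data in a session store (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._seen = {}            # assertion ID -> NotOnOrAfter (epoch seconds)
        self._lock = threading.Lock()

    def _purge(self, now):
        # Entries past their expiry can go: the validity check below already
        # rejects such assertions, so they no longer need replay tracking.
        for aid in [a for a, exp in self._seen.items() if exp <= now]:
            del self._seen[aid]

    def accept(self, assertion_id, not_on_or_after):
        """Return (True, "accepted") only the first time a valid assertion is seen."""
        now = self._clock()
        with self._lock:           # check-and-record must be one atomic step
            self._purge(now)
            if not_on_or_after <= now:
                return False, "expired"
            if assertion_id in self._seen:
                return False, "replayed"
            self._seen[assertion_id] = not_on_or_after
            return True, "accepted"

    def size(self):
        with self._lock:
            return len(self._seen)


def demo():
    # Constructed sample: a fake clock and made-up assertion IDs.
    now = [1000.0]
    store = ExpiryDataStore(clock=lambda: now[0])
    results = [store.accept("_a1", 1300.0)]      # first presentation
    results.append(store.accept("_a1", 1300.0))  # same assertion presented again
    results.append(store.accept("_a2", 900.0))   # already past NotOnOrAfter
    now[0] = 1301.0                              # validity window has closed
    results.append(store.accept("_a1", 1300.0))  # rejected as expired, entry purged
    return results, store.size()
```

Because the stored data is time-based, an entry only has to be kept until the assertion itself stops being valid, which keeps the store from growing without bound.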