IdP sessions are by default bound to an "address" in order to prevent trivial session takeover simply through session cookie exposure. This can be disabled via the idp.session.consistentAddress property or relaxed in various ways through the idp.session.consistentAddressCondition extension point. It is deeply ill-advised to simply disable this checking entirely and it is deeply unsafe to operate networks that hide a plethora of clients behind a single address.

The session address binding layer supports simultaneous binding of sessions to both IPv4 and IPv6 addresses so clients may use both types and float between them.
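
A minimal model of per-family address binding, added here as an illustration; it is not the IdP's own code. It assumes that the first request seen from an address family binds that family and that later requests in the same family must match. The class and function names and the sample requests are constructed for the example.

```python
import ipaddress


class BoundSession:
    """Toy session holding at most one bound client address per IP family."""

    def __init__(self, session_id):
        self.session_id = session_id
        self.bound = {}  # IP version (4 or 6) -> bound address object

    def check_address(self, client_addr, consistent_address=True):
        """Return True if a request from client_addr may use this session."""
        if not consistent_address:
            # Models the check being switched off: the cookie alone is enough.
            return True
        try:
            addr = ipaddress.ip_address(client_addr)
        except ValueError:
            return False  # unparseable address: fail closed
        current = self.bound.get(addr.version)
        if current is None:
            # Assumption of this model: first use of a family binds it.
            self.bound[addr.version] = addr
            return True
        # Parsed objects compare equal regardless of textual spelling.
        return current == addr


def replay(requests, consistent_address=True):
    """Run a list of client addresses against one fresh session."""
    session = BoundSession("constructed-session-id")
    return [session.check_address(a, consistent_address) for a in requests]


# Constructed sample: a dual-stack client, then a cookie replayed from elsewhere.
SAMPLE_REQUESTS = [
    "192.0.2.10",                               # binds IPv4
    "2001:db8::10",                             # binds IPv6
    "192.0.2.10",                               # same client, back on IPv4
    "2001:0db8:0000:0000:0000:0000:0000:0010",  # same IPv6, long spelling
    "198.51.100.7",                             # different IPv4: rejected
    "2001:db8::bad",                            # different IPv6: rejected
    "not-an-ip",                                # malformed: rejected
]

if __name__ == "__main__":
    for addr, ok in zip(SAMPLE_REQUESTS, replay(SAMPLE_REQUESTS)):
        print(f"{addr:42} {'accept' if ok else 'reject'}")
```

With the check disabled, every request in the sample is accepted, including the replays from the other addresses.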
