[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Identity Provider Session Timeout
Hello, I’m implementing SSO and SLO with SAML.
What I don’t know is: At some point the user may wish to quit the
browser and, even though the cookie is deleted, the session will remain
active.. I thought of implementing a session timeout (after like 30min of idle
or simply maximum session time of 120 minutes on the IdP).. The problem is.. imagine IdP , SP A and SP
B… the user logs in to IdP and then accesses SP A.. after 3 hours he goes
to SP B and requests SSO.. but since 3 hours is over the timeout, the session
had already been terminated at the IdP so he cannot SSO.. my question is: is
this normal? What behavior should be used in these situations? Thank you Filipa
Moura |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]