Subject: Cross domain session timeouts
Does SAML 2.0 provide any capabilities such as:
1. Prevent session idle timeout at IDP while user is browsing SP site? (keep-alive)
2. Allow IDP to transmit its session requirements to the SP as part of SAML metadata?
(e.g., "send user back to me for reauthentication after 15 minutes of inactivity")
3. Allow IDP or SP to register a different URI for session timeout than for a regular single logoff (SLO)?
If these capabilities don't exist in the spec, how are they typically dealt with by implementers?
Michael McCormick, CISSP
"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO"