SP timing out after 60 minutes.

MikeWho who at me.com
Thu Feb 21 11:58:06 EST 2013

> Check your IdP's assertions and see if the SessionNotOnOrAfter attribute
> is being set.

Hi Scott, many thanks. That seems to be precisely it; it's set to 1 hour
after the issuing of the assertion. I assume the next step is to request
that the IdP extend this attribute. In our talks they stated they weren't
limiting the session duration on their end, but (as I understand it) by
setting SessionNotOnOrAfter they're doing just that. 

(Incidentally, I had some trouble exporting the assertions, until I realised
the StorageService/SessionCache tags above were preventing assertions being
exported - possibly because cacheAssertions was set to false? Might be a
useful heads-up to anyone else having difficulty exporting assertions).

>Never set cacheTimeout *and* cacheAllowance, they're mutually exclusive.
cacheAllowance is the newer one and is easier to use, it just adds slop to
keep an expired session around longer for logout (which you are unlikely to
be using).

-- Scott

Ah, thanks! I'll make that change. 

Appreciate your help!

View this message in context: http://shibboleth.1660669.n2.nabble.com/SP-timing-out-after-60-minutes-tp7584660p7584746.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.

More information about the users mailing list