Transientid and session timeout
Julian Williams
julian.williams at it.ox.ac.uk
Mon Feb 19 08:01:04 EST 2018
On 19/02/18 12:24, Peter Schober wrote:
> * Julian Williams <julian.williams at it.ox.ac.uk> [2018-02-19 13:13]:
>> In our environment both idp.authn.defaultLifetime and
>> idp.authn.defaultTimeout are not changed from the default values, 60 &
>> 30min respectively according to the docs[0]. So we'd still expect
>> re-authentication after 60min but this hidden from the users in our
>> environment as we have Shibboleth sitting on top of another SSO layer
>> that uses Stanford WebAuth which has a much longer SSO session. So
>> currently the 60min session timeout is only causing a problem for SLO
>> requests.
>
> Did you change this setting in idp.properties?
>
> # Extra time to store sessions for logout
> #idp.session.slop = PT0S
Yes we do seem to have also changed that in the environment we are
testing this with:
idp.session.slop = PT60M
I had noticed that before but thought that this value acted in addition
to the idp.session.timeout which we have set to 8 hours:
idp.session.timeout = PT8H
Cheers,
Julian
--
Julian Williams (Systems Developer, Identity and Access Management)
IT Services, University of Oxford
More information about the users
mailing list