Login Page/Flow Timeout?

[Cantor, Scott]

> Sometime during lunch, the SP times out and attempts to re-authenticate by
> redirecting to the IDP.

Plan A is to tell it to stop doing that.

> We are assuming this is happening because the IDP can not wait forever and
> has passed some timeout.

Java container session timeout set in web.xml

> We are being asked to provide a link to the SP that was requesting
> authentication. Does this page have that type of information available?

The default page/example identifies the SP.

> Any other thoughts on how to address this?

My method is to order people that connect to my system to either disable short timeouts or don't come complaining when they cause problems. I suppose if your SSO system has such short timeouts that this actually leads to re-authentication, then you're not in the same boat. Most of the time an app timeout that's anything but hours just results in a fresh session and it's pointless.

-- Scott