SP session lifetime/timeout

Mikael Bak bak.mikael at oszk.hu
Thu Jul 18 09:24:47 EDT 2019

Hi Scott,

On 2019. 07. 18. 14:58, Cantor, Scott wrote:
> On 7/18/19, 8:53 AM, "users on behalf of Mikael Bak" <users-bounces at shibboleth.net on behalf of bak.mikael at oszk.hu> wrote:
>> What is the best way to investigate that? I tried SAML-tracer (a Firefox
>> plugin), but I did not seem to see any assertion in there.
> You saw an encrypted one.

Makes sense.

>> I looked in /var/log/shibboleth/shibd.log but I did not find
>> SessionNotOnOrAfter in it.
> You have to adjust logging, the categories are commented in the file. It doesn't dump everything in production as a default.

I now see this in the log:

<saml:AuthnStatement AuthnInstant="2019-07-18T13:10:34Z"
SessionNotOnOrAfter="2019-07-18T21:10:34Z" SessionIndex="[removed]">

It's 8 hours, just as IdP promised.

Is it now safe to assume that my SP is misconfigured?


More information about the users mailing list