SP session lifetime/timeout
Mikael Bak
bak.mikael at oszk.hu
Thu Jul 18 09:24:47 EDT 2019
Hi Scott,
On 2019. 07. 18. 14:58, Cantor, Scott wrote:
> On 7/18/19, 8:53 AM, "users on behalf of Mikael Bak" <users-bounces at shibboleth.net on behalf of bak.mikael at oszk.hu> wrote:
>
>> What is the best way to investigate that? I tried SAML-tracer (a Firefox
>> plugin), but I did not seem to see any assertion in there.
>
> You saw an encrypted one.
>
Makes sense.
>> I looked in /var/log/shibboleth/shibd.log but I did not find
>> SessionNotOnOrAfter in it.
>
> You have to adjust logging, the categories are commented in the file. It doesn't dump everything in production as a default.
>
I now see this in the log:
<saml:AuthnStatement AuthnInstant="2019-07-18T13:10:34Z"
SessionNotOnOrAfter="2019-07-18T21:10:34Z" SessionIndex="[removed]">
It's 8 hours, just as IdP promised.
Is it now safe to assume that my SP is misconfigured?
Thanks,
Mikael
More information about the users
mailing list