SAML2 and SLO Session Timeout

We have SAML2 IDAM configured with a session idle timeout of like 30 minutes. After a single login, the user will successfully log in. Now SP is also configured for SAML Single Logout (SLO). It appears that even when users are running the SP application, a session timeout occurs. I was wondering if this is due to the inactivity of the session set by @IDP. I would like to understand how IDP knows that user sessions are active @SP so that it does not issue SLO. Any ideas?

+4
1 answer

In most cases, IDP implementations do not cause a single logout when an IDP session expires. One reason is that many SP implementations do not support single logout using a back channel (using a SOAP call), and that is the only binding available in this situation.

Your SP session is likely to expire because it follows the parameter sessionNotOnOrAfter that is included in the Authentication statement from the Assertion included in the Response SAML message sent from IDP during a single sign-on.

, - SP, , - IDP ( , sessionNotOnOrAfter), IDP, , SP - ( , SP ).

, SP , sessionNotOnOrAfter , IDP.

, , , - , .

+3
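The behaviour described in the answer above, as an added example that is not part of the original post: an SP that caps its local session at the SessionNotOnOrAfter value of the AuthnStatement ends the session at that instant even while the user is active. The function names and the sample Response are constructed for illustration, and the sketch assumes the Response signature and conditions have already been validated.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample Response (unsigned, trimmed). A real SP must verify the
# signature and conditions before trusting any value in it.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AuthnStatement AuthnInstant="2024-01-01T10:00:00Z"
        SessionIndex="idx-constructed-1"
        SessionNotOnOrAfter="2024-01-01T10:30:00Z"/>
  </saml:Assertion>
</samlp:Response>"""


def parse_saml_time(value):
    """Parse a SAML xs:dateTime given in UTC with a 'Z' suffix."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def session_not_on_or_after(response_xml):
    """Return the earliest SessionNotOnOrAfter of all AuthnStatements, or None."""
    root = ET.fromstring(response_xml)
    values = [parse_saml_time(s.get("SessionNotOnOrAfter"))
              for s in root.iterfind(".//saml:Assertion/saml:AuthnStatement", NS)
              if s.get("SessionNotOnOrAfter")]
    return min(values) if values else None


def sp_session_expiry(response_xml, last_activity, idle_timeout):
    """Effective SP expiry: the idle deadline, capped by the IdP-supplied bound."""
    idle_deadline = last_activity + idle_timeout
    hard_limit = session_not_on_or_after(response_xml)
    return idle_deadline if hard_limit is None else min(idle_deadline, hard_limit)


def is_session_valid(response_xml, last_activity, idle_timeout, now):
    # "NotOnOrAfter": the session is already invalid at the exact instant.
    return now < sp_session_expiry(response_xml, last_activity, idle_timeout)
```
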