The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Session Timeout

I have a situation where the user logs into the IdP and then uses SSO to get to the SP.  After a period of time, the user returns to the IdP, but the IdP session has timed out due to inactivity and so the user has to log back into the IdP.  Basically, I looking for a SAML way to maintain the session on the IdP as long as there is activity on the SP.  Is there a SAML way to do this?  If not, is there anything planned in future versions of SAML for this? 

The use case is usually referred to (by me anyway) as a distributed timeout feature. No, SAML doesn't include it. I'm not aware of any proposals to do so.

People are known to "hack" this using web bugs, hidden frames, etc. A quality of good IdP (or SP) implementations is exposing features people can use to build up solutions outside the standard.

Before I created a hack to expose a feature to prevent this issue, I wanted to make sure that I wasn't missing anything in the SAML standard. 

have similar question:

Question:  is there a SAML 1.1 or 2.0 way to synchronize the session on the IdP as long as there is user-activity on the SP

What out of box SAML 2.0 or XACML  standards will assist with synchronizing session ?

Will SP  "Assertion Query/Request Profile" type of query to IDP be used synchronize sessions ? Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I