The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Session Timeout

I have a situation where the user logs into the IdP and then uses SSO to get to the SP. After a period of time, the user returns to the IdP, but the IdP session has timed out due to inactivity and so the user has to log back into the IdP. Basically, I am looking for a SAML way to maintain the session on the IdP as long as there is activity on the SP. Is there a SAML way to do this? If not, is there anything planned in future versions of SAML for this?

The use case is usually referred to (by me anyway) as a distributed timeout feature. No, SAML doesn't include it. I'm not aware of any proposals to do so.

People are known to "hack" this using web bugs, hidden frames, etc. A quality of good IdP (or SP) implementations is exposing features people can use to build up solutions outside the standard.

Before I created a hack to expose a feature to prevent this issue, I wanted to make sure that I wasn't missing anything in the SAML standard. 

I have a similar question:

Question: Is there a SAML 1.1 or 2.0 way to synchronize the session on the IdP as long as there is user-activity on the SP?

What out-of-the-box SAML 2.0 or XACML standards will assist with synchronizing the session?

Will the SP "Assertion Query/Request Profile" type of query to the IDP be used to synchronize sessions?

 

 
