This guide shows how to configure the various timeouts for a Shibboleth Service Provider (SP) session.
Introduction
There are several timeout settings available for an SP’s use, all configured by attributes in the Session element of the shibboleth2.xml
configuration file.
Attribute |
Meaning |
---|---|
lifetime |
Maximum duration of an SP session, regardless of activity (in seconds) |
timeout |
Maximum inactivity time (in seconds). This is for browser requests that involve the SP, not browser activity in general. |
maxTimeSinceAuthn |
Maximum time allowed (in seconds) between the the act of authentication at the idp and an attempt to access the SP. This can be used to assure that a forced reauthentication was invoked. |
See Also
Shibboleth Project’s NativeSPSessions reference