Configure Service Provider Timeouts

Last updated: May 31, 2024
Audience: IT Staff / Technical

This guide shows how to configure the various timeouts for a Shibboleth Service Provider (SP) session.

Introduction

There are several timeout settings available for an SP’s use, all configured by attributes in the Session element of the shibboleth2.xml configuration file.

Attribute

Meaning

lifetime Maximum duration of an SP session, regardless of activity (in seconds)
timeout Maximum inactivity time (in seconds). This is for browser requests that involve the SP, not browser activity in general.
maxTimeSinceAuthn Maximum time allowed (in seconds) between the the act of authentication at the idp and an attempt to access the SP. This can be used to assure that a forced reauthentication was invoked.

See Also

Shibboleth Project’s NativeSPSessions reference