What are the default timeouts for the SAML Identity Provider (IdP) & target applications?
Steve Thorpe - Wed, 12/03/2014 - 13:42Hello
- Individual Applications (Service Providers) have their own timeouts -- it is Application dependent.
The NCEdCloud IAM Service RapidIdentity Portal:
Login Screen inactivity timeout (you go to the login screen but don't login) = 5 minutes
- If timed-out here, close the unused login window/tab, open a new window/tab and start over.
- Once in the NCEdCloud portal, the inactivity timeout = 8 Hours
- Login Screen inactivity timeout (you go to the login screen but don't login) = 5 minutes
SAML assertion timeout = it is valid for 5 minutes (the assertion itself)
- Individual Applications (Service Providers) can have a different timeout for their session(s). If it is > 5 minutes and that timeout occurs, they will check the SAML assertion and then handle it however they want to handle it.
In general it is best that users completely close their browser when they are done.
- One example is Google Apps. If Google Apps is integrated with the IAM Service and a user logs in, they stay logged in until they close the browser, which could be days or weeks.