We have deployed JOSSO2 with a SAML IDP for a customer. We are being asked if a hard timeout configuraiton is possible. Is there are setting for this in JOSSO2?
Hard Timeout = Regardless of user activity or inactivity on a system that the user is logged in on, a timeout is initiated and the user needs to officially reauthenticate to gain access to the system again.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Paul,
Unfortunately there is no native support for this. As a workaround, you might want to modify the TTL (time to live) of cache entries which can be specified in the ehcache.xml descriptor. The downside of this is that it will affect all objects stored within EHCache which are mainly used for maintaining state.
Alternatively, you could trigger an SLO programmically from a separate component.
Regards,
Gianluca.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
We have deployed JOSSO2 with a SAML IDP for a customer. We are being asked if a hard timeout configuraiton is possible. Is there are setting for this in JOSSO2?
Hard Timeout = Regardless of user activity or inactivity on a system that the user is logged in on, a timeout is initiated and the user needs to officially reauthenticate to gain access to the system again.
Hi Paul,
Unfortunately there is no native support for this. As a workaround, you might want to modify the TTL (time to live) of cache entries which can be specified in the ehcache.xml descriptor. The downside of this is that it will affect all objects stored within EHCache which are mainly used for maintaining state.
Alternatively, you could trigger an SLO programmically from a separate component.
Regards,
Gianluca.
Thanks!