Federation Manager Guide › Session Duration Management at a Service Provider › How to Manage the Authentication Session Duration at a Service Provider › Include a Session Duration Attribute in an Assertion
Include a Session Duration Attribute in an Assertion
The configuration for session duration is done at the IdP. The assertion sent to the SP includes the session attribute that the SP uses to set timeout values for SP site.
Important! If Federation Manager is acting as an SP, it ignores the SessionNotOnOrAfter value. Instead, the SP sets session timeouts from the realm timeout that corresponds to the SAML authentication scheme protecting the target resource.
Follow these steps:
- Log in to the Federation Manager UI.
- Select the IdP->SP partnership you want to modify.
- Navigate to the SSO and SLO step.
- In the SSO section, select the option for the Recommended SP Session Duration. If you select the customize option, you can select one of the following options:
- omit the attribute
- set the attribute to the IdP session timeout
- specify your own duration period
Note: Click Help for a description of fields, controls, and their respective requirements.
- Select the Confirm step after you complete your changes and click Finish.
Based on the configuration, a session attribute is placed in the assertion and sent to the SP.
|
Copyright © 2012 CA.
All rights reserved.
|
|
