The settings in the Customize Validity Duration dialog determine whether the IdP adds the SessionNotOnOrAfter attribute to a SAML assertion. If the attribute is in the assertion, the dialog lets you determine the duration of the session between the user and the IdP.
This configuration setting is available only at the SiteMinder IdP. It only instructs the IdP what value it should set for the SessionNotOnOrAfter parameter in the assertion. The setting does not set any timeout value at the SP.
Important! If SiteMinder is acting as an SP, it ignores the SessionNotOnOrAfter value. Instead, a SiteMinder SP sets session timeouts based on the realm timeout that corresponds to the configured SAML authentication scheme that protects the target resource.
The options are:
Determines the use and duration of the SessionNotOnOrAfter attribute in an assertion.
Options:
Calculates the SessionNotOnOrAfter value based on the assertion validity duration.
Instructs the IdP not to include the SessionNotOnOrAfter parameter in the assertion.
Calculates the SessionNotOnOrAfter value based on the IdP session timeout. The timeout is configured in the IdP realm for the authentication URL. Using this option can synchronize the IdP and SP session timeout values.
Lets you specify a custom value for the SessionNotOnOrAfter parameter in the assertion. If you select this option, enter a time in the SAML_SP_CUSTOM_TIME_OUT property.
Specifies the amount of time set for the SessionNotOnOrAfter parameter in the assertion. This setting lets you designate any amount of time that suits your environment.
Copyright © 2011 CA. All rights reserved.