How can an SP reset a session timer at the IDP?
The SAML specs do not specify a method for doing this, or in fact require any form of timeout at an IdP.
One proposition is to use an authnrequest message with isPassive set.
...
Product/Service | Source | isPassive() refreshes IDP timeout |
|---|---|---|
Ubisecure SSO | Keith | |
Shibboleth | Scott | No idle timeout is enforced, only an absolute lifetime on authn methods |
CA Siteminder | Denny | |
Microsoft ADFS 2 | Thomas | Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Custom refresh URL also available