IDP idle timeout management using session refresh via isPassive

How can an SP reset a session timer at the IDP?
The SAML specs do not specify a method for doing this, nor do they require any form of timeout at an IdP.

One proposal is to send an AuthnRequest message with IsPassive set.

The following table lists IDP products that refresh the IDP session timer when they receive a valid IsPassive AuthnRequest and answer it with a success response. Other notes can be added if there are additional methods.

| Product/Service | Source | IsPassive refreshes IDP timeout |
|---|---|---|
| Ubisecure SSO | Keith | Yes. Custom refresh URL also available |
| Shibboleth | Scott | No idle timeout is enforced, only an absolute lifetime on authn methods |
| CA Siteminder | Denny | Yes |
| Microsoft ADFS 2 | Thomas | Yes |
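
The IsPassive request proposed above, sketched from the SP side as an added example (not code from the original page or from any product in the table). It builds the AuthnRequest for the HTTP-Redirect binding and classifies the IdP's answer; the function names, the result labels and the entity ID and URLs passed in are assumptions, and a Success result only means the idle timer was reset on IdPs that behave as the table describes.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"

def build_passive_request(sp_entity_id, idp_sso_url, acs_url):
    """Return (request_id, redirect_url) for an IsPassive AuthnRequest."""
    request_id = "_" + uuid.uuid4().hex
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "IsPassive": "true",  # the IdP must not interact with the user
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = deflater.compress(ET.tostring(root)) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    sep = "&" if "?" in idp_sso_url else "?"
    return request_id, f"{idp_sso_url}{sep}{query}"

def classify_response(response_xml, expected_request_id):
    """Return 'session_active', 'no_session' or 'error' for a Response."""
    # Assumes signature, issuer, destination and time checks already passed.
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return "error"
    if root.get("InResponseTo") != expected_request_id:
        return "error"  # not the answer to the request this SP sent
    top = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if top is None:
        return "error"
    if top.get("Value") == SUCCESS:
        return "session_active"
    nested = top.find(f"{{{SAMLP}}}StatusCode")
    if nested is not None and nested.get("Value") == NO_PASSIVE:
        return "no_session"  # IdP could not authenticate without user interaction
    return "error"
```

A `no_session` result means the IdP session has already ended, so the SP should treat its own session as expired rather than retry passively.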