How can an SP reset a session timer at the IDP?
The SAML specs do not specify a method for doing this.
One proposition is to use an authnrequest message with isPassive set.
The following table lists IDP products which refresh the IDP session timer upon receipt of a valid isPassive authnrequest with a success response. Other notes can be added if there are additional methods.
Product/Service |
Source |
isPassive() refreshes IDP timeout |
---|---|---|
Ubisecure SSO |
Keith |
Custom refresh URL also available |
Shibboleth |
Scott |
No idle timeout is enforced, only an absolute lifetime on authn methods |
CA Siteminder |
Denny |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|