Idle Timeout and Max Timeout within the Federation Partnership Configuration

book

Article ID: 194509

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

There are Idle Timeout and Max Timeout controls within the SSO & SLO page of a federation partnership, but the realm protecting the Authentication URL also has these controls.  The controls in the partnership do not seem to have any effect on the user's IDP or SP session.  What are these session limit controls in the partnership user for?


This is for a Local IDP -> Remote SP SAML partnership.

Cause

These session limits should not be visible unless Delegated Authentication is specified.

Environment

Release : ALL

Component : SITEMINDER FEDERATION SECURITY SERVICES

Resolution

These session limits on the SSO & SLO page of a local IDP partnership are only used when Delegated Authentication is enabled. These controls should not be visible when Local authentication is specified as they will have no effect with any authentication methods except Delegated.