There are two timeouts - SAML session timeout in WSS and cookie timeout.
1. SAML session timeout in WSS server-side
- timeout duration is 12 hours and this is not customizable
- Once it times out there will be another authentication prompt. That is where the cookie timeout comes into play.
2. Cookie session timeout
- When WSSA launches the window to authenticate, the cookies in that browser window will determine if the user is actually prompted, or if the login happens automatically.
- If the login happens automatically, the user will notice a brief "flash" of the login window, and then it would go away and they would be logged in.
- The cookie session duration is 100% configured and/or managed by the IdP. Depending on your IdP, you may be able to modify that timeout. However - in all IdPs that we are aware of, the authentication cookie that is set is a session cookie - so it will not be persisted across reboots.