SAML authentication timeout settings with WSS agent
Article ID: 235342
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
What are SAML authentication timeout settings when using the WSS agent.
Environment
WSSA with SAML Authentication
Resolution
There are two timeouts - SAML session timeout in WSS and cookie timeout.
1. SAML session timeout in WSS server-side
- timeout duration is 24 hours and this is not customizable
- Once it times out there will be another authentication prompt. That is where the cookie timeout comes into play.
2. Cookie session timeout
- When WSSA launches the window to authenticate, the cookies in that browser window will determine if the user is actually prompted, or if the login happens automatically.
- If the login happens automatically, the user will notice a brief "flash" of the login window, and then it would go away and they would be logged in.
- The cookie session duration is 100% configured and/or managed by the IdP. Depending on your IdP, you may be able to modify that timeout. However - in all IdPs that we are aware of, the authentication cookie that is set is a session cookie - so it will not be persisted across reboots.
Additional Information
Feedback
Yes
No
Powered by
