SAML authentication timeout settings with WSS agent
search cancel

SAML authentication timeout settings with WSS agent


Article ID: 235342


Updated On:


Cloud Secure Web Gateway - Cloud SWG


What are SAML authentication timeout settings when using the WSS agent.


WSSA with SAML Authentication


There are two timeouts - SAML session timeout in WSS and cookie timeout. 

1. SAML session timeout in WSS server-side

  • timeout duration is 24 hours and this is not customizable
  • Once it times out there will be another authentication prompt. That is where the cookie timeout comes into play.

2. Cookie session timeout 

  • When WSSA launches the window to authenticate, the cookies in that browser window will determine if the user is actually prompted, or if the login happens automatically.
  • If the login happens automatically, the user will notice a brief "flash" of the login window, and then it would go away and they would be logged in.
  • The cookie session duration is 100% configured and/or managed by the IdP.  Depending on your IdP, you may be able to modify that timeout. However - in all IdPs that we are aware of, the authentication cookie that is set is a session cookie - so it will not be persisted across reboots.

Additional Information

SAML Support for WSS Agent