- Siteminder behaving as IDP with SP as a third party
- Assertion is getting generated by Siteminder with SessionNotOnOrAfter parameter included
- SP consuming the assertion containing the SessionNotOnOrAfter parameter which is causing the SP to terminate the session after 1.5 min (90 seconds)
How can SessionNotOnOrAfter be turned off or modified?
Release: Policy server version -->12.5 CR02 and later (including R12.8SP3)
When the Policy Server IdP sends an assertion, by default it includes the SessionNotOnOrAfter parameter in the Authentication statement of the assertion. A third-party SP can use the value of the SessionNotOnOrAfter to set its own timeout values. The timeout values determine when a user session becomes invalid, which sends the user to reauthenticate at the IdP.
The SessionNotOnOrAfter parameter is NOT to be confused with the NotOnOrAfter parameter used to determine assertion validity and skew time.
To customize the SessionNotOnOrAfter parameter
The options are:
6. Click OK to save the changes.