When using Symantec SiteMinder Legacy Federation as the IDP, the SP is complaining that their Session is getting a timeout as the Validity duration from IDP side sent within the assertion is set to 60 seconds. How can this be adjusted?

Applies to R12.8.x Legacy Federation

There are two Validity periods that you can configure through Symantec SiteMinder Legacy Federation:

** Setting 1 --> "Validity Duration seconds"

Under SAML Service Providers --> SAML Profiles --> SSO ,we have the "Validity Duration seconds" 

The validity Duration seconds specifies the time that the assertion will be valid for before it expires.

The default is 60 seconds which means that when generated ,the SP side has 60 seconds to consume it before it expires.

** Setting 2 --> "SP Session Validity Duration"

Under SAML Service Providers --> General --> Advanced SSO Configuration ,we have the "SP Session Validity Duration"

If set ,this setting within the assertion instructs how long the session will live on the SP side once assertion is consumed .

This setting can be set for the below values :

1) Use Assertion Validity

2) Omit ( not used) 

3) IDP session ( will inherit the session details from the realm protecting your auth URL)

4) Custom (lets you define a custom value)