Validity Duration seconds and SP Session Validity Duration
search cancel

Validity Duration seconds and SP Session Validity Duration

book

Article ID: 42513

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

When using Symantec SiteMinder Legacy Federation as the IDP, the SP is complaining that their Session is getting a timeout as the Validity duration from IDP side sent within the assertion is set to 60 seconds. How can this be adjusted?

 

 

 

Environment

Applies to R12.8.x Legacy Federation

Resolution

There are two Validity periods that you can configure through Symantec SiteMinder Legacy Federation:

 

** Setting 1 --> "Validity Duration seconds"

Under SAML Service Providers --> SAML Profiles --> SSO ,we have the "Validity Duration seconds" 

The validity Duration seconds specifies the time that the assertion will be valid for before it expires.

The default is 60 seconds which means that when generated ,the SP side has 60 seconds to consume it before it expires.

 

** Setting 2 --> "SP Session Validity Duration"

Under SAML Service Providers --> General --> Advanced SSO Configuration ,we have the "SP Session Validity Duration"

If set ,this setting within the assertion instructs how long the session will live on the SP side once assertion is consumed .

This setting can be set for the below values :

 

1) Use Assertion Validity

2) Omit ( not used) 

3) IDP session ( will inherit the session details from the realm protecting your auth URL)

4) Custom (lets you define a custom value)