
Validity Duration seconds and SP Session Validity Duration


Article ID: 42513


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Issue/Problem/Symptoms: 

When using Legacy Federation as the IDP, the SP complains that its session is timing out because the validity duration sent by the IDP within the assertion is set to 60 seconds.

How can this be controlled?

 

Environment:  

Policy Server 12 SP3 and 12.5x

 

Cause: 

N/A

 

Resolution/Workaround:

There are two validity periods that you can configure through SiteMinder Legacy Federation, as follows:

 

** Setting 1 --> "Validity Duration seconds"

Under SAML Service Providers --> SAML Profiles --> SSO, we have the "Validity Duration seconds" setting.

"Validity Duration seconds" specifies how long the assertion is valid before it expires.

The default is 60 seconds, which means that once the assertion is generated, the SP side has 60 seconds to consume it before it expires.

 

** Setting 2 --> "SP Session Validity Duration"

Under SAML Service Providers --> General --> Advanced SSO Configuration, we have the "SP Session Validity Duration" setting.

If set, this value is sent within the assertion and instructs the SP how long the session will live on the SP side once the assertion is consumed.

This setting can be set to one of the values below:

1) Use Assertion Validity

2) Omit (not used)

3) IDP session (inherits the session details from the realm protecting your auth URL)

4) Custom (lets you define a custom value)
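To see which of the two settings an SP is actually receiving, the timestamps can be read straight from a captured assertion. The following is an added example, not part of the original article or of SiteMinder: it assumes a SAML 2.0 assertion in which Setting 1 appears as `NotOnOrAfter` on `Conditions` and Setting 2 as `SessionNotOnOrAfter` on `AuthnStatement` (the article does not name these attributes), and it runs on a constructed sample.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IDP; signature omitted).
# For assertions from an untrusted source, parse with a hardened XML parser instead.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
      NotOnOrAfter="2024-01-01T12:01:00Z"/>
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:00:00Z"
      SessionNotOnOrAfter="2024-01-01T12:01:00Z"/>
</saml:Assertion>"""


def _ts(value):
    """Parse a SAML UTC timestamp; return None when the attribute is absent."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def _seconds(end, start):
    return int((end - start).total_seconds()) if end is not None else None


def validity_report(assertion_xml):
    """Report both validity periods, in seconds counted from IssueInstant."""
    root = ET.fromstring(assertion_xml)
    issued = _ts(root.get("IssueInstant"))
    cond = root.find("saml:Conditions", NS)
    stmt = root.find("saml:AuthnStatement", NS)
    expires = _ts(cond.get("NotOnOrAfter")) if cond is not None else None
    session_end = _ts(stmt.get("SessionNotOnOrAfter")) if stmt is not None else None
    return {
        # Setting 1 (assumed mapping): time the SP has to consume the assertion.
        "assertion_window_s": _seconds(expires, issued),
        # Setting 2 (assumed mapping): SP session lifetime; None when omitted.
        "sp_session_s": _seconds(session_end, issued),
        # True when the session limit equals the assertion expiry, the likely
        # cause of an SP session that ends after 60 seconds.
        "session_tied_to_assertion": session_end is not None and session_end == expires,
    }


if __name__ == "__main__":
    print(validity_report(SAMPLE))
```

If `session_tied_to_assertion` is true and the SP session is too short, the value to change is "SP Session Validity Duration", not "Validity Duration seconds".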

 

Additional Information:

N/A

 

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: