In shibboleth2.xml, <Sessions> element controls how the SSO process is managed by the SP. Following child elements inside Sessions control timeouts:
Name | Type | Default | Description |
---|---|---|---|
timeout | seconds | 3600 (1 hour) | Maximum inactivity allowed between requests in a session maintained by the SP. This inactivity applies only to requests to this SP and is not aware of activity between the browser and other web sites . |
lifetime | seconds | 28800 (8 hours) | Maximum duration in seconds that a session maintained by the SP will be valid. |
Shibboleth IDP uses CUWebLogin for primary authentication. The valid SSO session lasts for 10 hours. If you would like to prompt user for netID/password when they access your site even if user already have valid SSO session in CUWebLogin, forceAuthn="true" should be added in <Host> element.