How do session timeouts work in PicketLink IDPs and SPs?
Issue
- How do session timeouts work in PicketLink IDPs (Identity Provider) and SPs (Service Provider)?
- Let's assume that a user wants to call an SP, authenticates via an IDP, and continues using the SP. This creates a session between the browser and the IDP. After the user has authenticated, all traffic goes between the browser and the SP. Then the session between the browser and the IDP must time out at some stage, and then I assume the user has to log in again? Or is there some mechanism that extends the session in order to prevent it from timing out?
- Do you have any best practices for setting the timeout values for sessions in SPs and IDPs? I do not need exact numbers, just hints such as "keep the session timeout value for IDPs high, 15-30 mins while you keep the timeout value for SPs lower, x mins".
Environment
- JBoss Enterprise Application Platform (EAP)
  - 5.1.2
  - 6.x
- PicketLink
  - 2.x