Bug 49503 - Make Idp session timeout configurable
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-0-errata
Assigned To: Erik Damrose
QA Contact: Florian Best
Depends on:
Blocks:
Reported: 2019-05-20 09:39 CEST by Erik Damrose
Modified: 2019-06-26 17:42 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.114
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Ticket number: 2019062321000363
Bug group (optional):
Max CVSS v3 score:


Description Erik Damrose univentionstaff 2019-05-20 09:39:07 CEST
When a user authenticates at our identity provider, a SAML assertion is created for the service provider. In the assertion, an attribute controls how long the session is valid. Users have to reauthenticate after the timeout.

This is currently hardcoded to 8 hours in /etc/simplesamlphp/config.php. We should make it configurable by UCR.

/etc/simplesamlphp/config.php:
'session.duration'              =>  8 * (60*60), // 8 hours
Comment 4 Arvid Requate univentionstaff 2019-06-03 15:58:08 CEST
No Ticket number, resetting "School Customer affected".
Comment 5 Erik Damrose univentionstaff 2019-06-25 14:21:53 CEST
db476fd Make IdP session duration configurable with UCR saml/idp/session-duration. The default value is raised from 8 to 12 hours
Comment 6 Erik Damrose univentionstaff 2019-06-25 14:26:28 CEST
8b13fb7 yaml
Comment 7 Florian Best univentionstaff 2019-06-26 12:07:33 CEST
OK: session duration can be set via UCR variable
OK: UCS variable name, description[den/de]
OK: update default from 8 hours to 12 hours
OK: YAML
Comment 8 Arvid Requate univentionstaff 2019-06-26 17:42:56 CEST
<http://errata.software-univention.de/ucs/4.4/163.html>