Univention Bugzilla – Bug 49503
Make Idp session timeout configurable
Last modified: 2019-06-26 17:42:56 CEST
When a user authenticates at our identity provider a saml assertion is created for the service provider. In the assertion, an attribute controls how long the session is valid. Users have to reauthenticate after the timeout. This is currently hardcoded to 8 hours in /etc/simplesamlphp/config.php. We should make it configurable by UCR. /etc/simplesamlphp/config.php: 'session.duration' => 8 * (60*60), // 8 hours
Requested here: https://help.univention.com/t/office-365-connector-sign-in-required-every-day/12135
Please have in mind, that the Office365 services have their own time out configuration: https://docs.microsoft.com/de-de/office365/enterprise/session-timeouts?redirectSourcePath=%252fen-us%252farticle%252fsession-timeouts-for-office-365-37a5c116-5b07-4f70-8333-5b86fd2c3c40#session-times-for-office-365-services
No Ticket number, resetting "School Customer affected".
db476fd Make IdP session duration configurable with UCR saml/idp/session-duration. The default value is raised from 8 to 12 hours
8b13fb7 yaml
OK: session duration can be set via UCR varialbe OK: UCS variable name, description[den/de] OK: update default from 8 hours to 12 hours OK: YAML
<http://errata.software-univention.de/ucs/4.4/163.html>