This topic has 3 replies, 2 voices, and was last updated 3 years, 7 months ago by Peter Major.

  • Author
    Posts
  • #22181
     aniru2dh
    Participant

    Hi All,

    We are currently working on a POC to setup SAML Federation. we are looking for settings or options available at OpenAM to maintain the session timeouts consistently across IDP and SP. The SP need to honor the timeouts of IDP irrespective of the settings at SP side.

    OpenAM is acting as IDP. What we would like to achieve is to have a sync of session timeouts between IDP and SP. For instance, if user has logged into the application, the session is generated at OpenAM and timeout values(max session and Idle timeout) are set. User session expires at IDP because of max session/Idle timeout but still user continue to access the application as there is no control over the local session of SP.

    Any suggestions would be appreciated.

    Thanks,
    Anirudh.

    #22191
     Peter Major
    Moderator

    You could enable session synchronization at the IdP for example.

    #22224
     aniru2dh
    Participant

    @peter-major. We have tried using this setting but it did not work. Initially we were using Access Management 5.5.1 and identified that there is a bug with this version as per the below article.
    https://bugster.forgerock.org/jira/browse/OPENAM-12703

    we have upgraded to version 6.0.0.1 to see if this resolves the issue. But this did not help, even after the user session is timed out at IDP still the application was accessible and there are no errors reported either in Core System logs or Federation Logs.

    Looking from some pointers to analyze the issue.

    Thanks,
    Anirudh.

    #22227
     Peter Major
    Moderator

    Well if it doesn’t work, you could try raising a support ticket.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?