How to set SSO Session time


I want to set session time of IDP , I set  IDP-Default time out is 120 minutes, but not effect.

So I want to Set session effect time is 30 days. how to do?


  • Verified Answer

    IDP session time is controlled by a setting on the Contract. You do NOT want to set it to 30 days as this would mean that NAM would keep a live session open in memory which would consume resources. Take a look at "Persistent Authentication" as it is likely what you need.

  • Hi

    How to do select persistence class for one oauth client? I  found only Global setting can select authenticate class,I want select persistence class for one oauth client as saml2 SP

  • OAuth is a bit different. What you'r looking for is the token lifetime for either the Access Token or the Refresh Token. These can be set per client. Best practice is to use a short timeout on the Access Token and a make your Refresh Token last as long as you like.

    This is not the same as IDP session. There is an IDP session created when the use user authenticates and its duration is set on the contract. However, it's up to your OAuth client (or clients) to actually use this session. On login a session cookie is returned and this cookie can be used for subsequent requests but it is up to your OAuth client to do so. Many do not by default. It is also common for OAuth clients to include a parameter (prompt=login) in the authentication request that forces re-authentication regardless of session.