1 260
szerkesztés
Módosítások
→Session lifetime: Add a sentence about SAML1
'''IdP session lifetime must be longer than any SP session lifetime'''. Otherwise, if an SP session outlives the IdP session and the user reauthenticates for a new session for other SPs, logout would not terminate session at the first SP.
The IdP can limit the maximum lifetime of the SP session by using the (optional) <code>SessionNotOnOrAfter</code> property in the SAML2 authentication statement. SAML1.1 does not have this feature, so '''you cannot limit the session lifetime for SPs using Shibboleth SSO protocol.'''
{{INFO_EN|
This can be set in the <code>relying-party.xml</code> by specifying the number of milliseconds in the '''<code>maximumSPSessionLifetime</code>''' attribute of the '''<code>SAML2SSOProfile</code>''' configuration.
