Session-related properties are generally defined in conf/idp.properties.

Worthy of note, you can switch to server-side storage of user sessions by setting the idp.session.StorageService property to shibboleth.StorageService, or an alternative defined by you. This is generally ill-advised if you operate more than one server node, as the client-side mechanism is much more reliable for clustering than any other approach.

| Property | Type | Default | Function |
|---|---|---|---|
| idp.session.enabled | Boolean | true | Whether to enable the IdP's session tracking feature |
| idp.session.StorageService | Bean ID of StorageService | shibboleth.ClientSessionStorageService | Bean name of a storage implementation/configuration to use for IdP sessions |
| idp.session.cookieName 4.2 | String | shib_idp_session | Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions) |
| idp.session.idSize | Integer | 32 | Number of characters in IdP session identifiers |
| idp.session.consistentAddress | Boolean | true | Whether to bind IdP sessions to IP addresses |
| idp.session.consistentAddressCondition | BiPredicate<String,String> | Direct string comparison | A 2-argument predicate that compares a bound session's address to a client address |
| idp.session.timeout | Duration | PT60M | Inactivity timeout policy for IdP sessions (must be non-zero) |
| idp.session.slop | Duration | 0 | Extra time after expiration before removing SP sessions in case a logout is invoked |
| idp.session.maskStorageFailure | Boolean | false | Whether to hide storage failures from users during session cache reads/writes |
| idp.session.trackSPSessions | Boolean | false | Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage) |
| idp.session.secondaryServiceIndex | Boolean | false | Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on) |
| idp.session.defaultSPlifetime | Duration | PT2H | Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting |
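An added example, not part of the Shibboleth documentation or project code: a small Python check that reads the idp.session.* entries of a conf/idp.properties file and flags the constraints stated in the table above (non-zero durations, secondaryServiceIndex requiring trackSPSessions, SP tracking on the default client-side store, disabled address binding, server-side storage). The function names and the sample input are hypothetical and constructed for illustration.

```python
import re

# Defaults copied from the property table on this page.
DEFAULTS = {
    "idp.session.StorageService": "shibboleth.ClientSessionStorageService",
    "idp.session.consistentAddress": "true",
    "idp.session.timeout": "PT60M",
    "idp.session.trackSPSessions": "false",
    "idp.session.secondaryServiceIndex": "false",
    "idp.session.defaultSPlifetime": "PT2H",
}
NONZERO = ("idp.session.timeout", "idp.session.defaultSPlifetime")

def parse_properties(text):
    """Read simple key=value / key:value lines; skips # and ! comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def is_zero(duration):  # True when every number in e.g. PT0S or 0 is zero
    nums = re.findall(r"\d+(?:\.\d+)?", duration)
    return bool(nums) and all(float(n) == 0 for n in nums)

def audit(text):
    """Return (level, property) findings for the constraints in the table."""
    cfg = {**DEFAULTS, **parse_properties(text)}
    on = lambda key: cfg[key].lower() == "true"
    client_side = cfg["idp.session.StorageService"] == DEFAULTS["idp.session.StorageService"]
    findings = [("ERROR", k) for k in NONZERO if is_zero(cfg[k])]  # must be non-zero
    if on("idp.session.secondaryServiceIndex") and not on("idp.session.trackSPSessions"):
        findings.append(("ERROR", "idp.session.secondaryServiceIndex"))
    if on("idp.session.trackSPSessions") and client_side:  # needs server-side store or HTML LocalStorage
        findings.append(("WARN", "idp.session.trackSPSessions"))
    if not on("idp.session.consistentAddress"):  # sessions no longer bound to IP
        findings.append(("WARN", "idp.session.consistentAddress"))
    if not client_side:  # server-side store: ill-advised with more than one node
        findings.append(("WARN", "idp.session.StorageService"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
idp.session.StorageService = shibboleth.StorageService
idp.session.consistentAddress = false
idp.session.timeout = PT0S
idp.session.secondaryServiceIndex = true
"""
```

Calling `audit(SAMPLE)` returns one finding per violated constraint; an empty file, which leaves every property at its default, returns no findings.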