Properties

Session-related properties are generally defined in conf/idp.properties.

Note that you can switch to server-side storage of user sessions by setting the idp.session.StorageService property to shibboleth.StorageService, or to an alternative bean that you define. This is generally ill-advised if you operate more than one server node, because the client-side mechanism is much more reliable for clustering than any other approach.

| Property | Type | Default | Function |
| --- | --- | --- | --- |
| idp.session.enabled | Boolean | true | Whether to enable the IdP's session tracking feature |
| idp.session.StorageService | Bean ID of StorageService | shibboleth.ClientSessionStorageService | Bean name of a storage implementation/configuration to use for IdP sessions |
| idp.session.cookieName 4.2 | String | shib_idp_session | Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions) |
| idp.session.idSize | Integer | 32 | Number of characters in IdP session identifiers |
| idp.session.consistentAddress | Boolean | true | Whether to bind IdP sessions to IP addresses |
| idp.session.consistentAddressCondition | BiPredicate<String,String> | Direct string comparison | A 2-argument predicate that compares a bound session's address to a client address |
| idp.session.timeout | Duration | PT60M | Inactivity timeout policy for IdP sessions (must be non-zero) |
| idp.session.slop | Duration | 0 | Extra time after expiration before removing SP sessions in case a logout is invoked |
| idp.session.maskStorageFailure | Boolean | false | Whether to hide storage failures from users during session cache reads/writes |
| idp.session.trackSPSessions | Boolean | false | Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage) |
| idp.session.secondaryServiceIndex | Boolean | false | Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on) |
| idp.session.defaultSPlifetime | Duration | PT2H | Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting |
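The idp.session.consistentAddressCondition property takes a BiPredicate<String,String> in place of the default direct string comparison. The class below is an added example, not code from the IdP: the class name, the /24 and /64 prefix lengths, and the sample addresses are assumptions, and the bean wiring that would reference it is not shown.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.function.BiPredicate;

/** Hypothetical class, not part of the IdP: two addresses are consistent when
 *  they are equal or share a network prefix (assumed /24 for IPv4, /64 for IPv6). */
public class SamePrefixAddressCondition implements BiPredicate<String, String> {
    private static final int V4_PREFIX_BYTES = 3;   // assumed /24
    private static final int V6_PREFIX_BYTES = 8;   // assumed /64
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final String V4 = OCTET + "(\\." + OCTET + "){3}";
    private static final String V6_CHARS = "[0-9A-Fa-f:][0-9A-Fa-f:.]*";

    @Override
    public boolean test(String boundAddress, String clientAddress) {
        if (boundAddress == null || clientAddress == null) {
            return false;                            // fail closed on missing input
        }
        if (boundAddress.equals(clientAddress)) {
            return true;                             // same result as the default comparison
        }
        byte[] a = parseLiteral(boundAddress);
        byte[] b = parseLiteral(clientAddress);
        if (a == null || b == null || a.length != b.length) {
            return false;                            // unparseable or mixed IPv4/IPv6
        }
        int n = (a.length == 4) ? V4_PREFIX_BYTES : V6_PREFIX_BYTES;
        return Arrays.equals(a, 0, n, b, 0, n);
    }

    /** Returns the raw address bytes, or null if the text is not an IP literal. */
    private static byte[] parseLiteral(String s) {
        // Only literals reach getByName, so no DNS lookup is triggered.
        boolean literal = s.matches(V4) || (s.indexOf(':') >= 0 && s.matches(V6_CHARS));
        try {
            return literal ? InetAddress.getByName(s).getAddress() : null;
        } catch (UnknownHostException e) {
            return null;
        }
    }
    public static void main(String[] args) {        // constructed sample addresses
        BiPredicate<String, String> c = new SamePrefixAddressCondition();
        System.out.println(c.test("192.0.2.10", "192.0.2.77"));
        System.out.println(c.test("192.0.2.10", "198.51.100.10"));
        System.out.println(c.test("2001:db8:1:2::a", "2001:db8:1:2:ffff::b"));
    }
}
```

A prefix match accepts a session cookie from any client in the same network range, so it gives weaker protection against cookie replay than the default exact comparison; keep the prefixes as narrow as your client networks allow.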

...