Comment: Add session security policy example

...

Under the default configuration, user authentication occurs hourly. Some authentication methods (IPAddress, X509Internal) may be non-interactive, so users don't have to explicitly provide credentials, but an authentication event still occurs hourly under the default configuration.

An example may be helpful in further clarifying how session configuration defines security policy around user authentication. Suppose a deployer wants to implement the following security policy:

  • Users must authenticate at least once daily.
  • An IdP session may remain idle for at most 60 minutes.

Sample Security Policy:

# IDP session must be at _least_ as long as authn result lifetime
idp.session.timeout=PT24H
 
# Authentication results live for at most 24 hours
idp.authn.defaultLifetime=PT24H
 
# Authentication results may be idle for at most 60 minutes
idp.authn.defaultTimeout=PT60M
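
The following check is an added example, not part of the Shibboleth documentation or code base: it reads the three properties from the sample above and reports where they break the policy or the rule that the session must last at least as long as the authentication result. The function names, the policy limit parameters and the restricted duration grammar (days, hours, minutes, seconds only) are assumptions made for this example.

```python
import re

# ISO 8601 durations, restricted to the day/time forms used above (PT24H, PT60M, P1D).
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_duration(value):
    """Return the duration in seconds; raise ValueError on anything else."""
    m = _DURATION.match(value.strip())
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s

def load_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, val = line.partition("=")
            props[key.strip()] = val.strip()
    return props

def check_policy(text, max_reauth="PT24H", max_idle="PT60M"):
    """Return a list of findings; an empty list means the policy is met."""
    props = load_properties(text)
    keys = ("idp.session.timeout", "idp.authn.defaultLifetime",
            "idp.authn.defaultTimeout")
    missing = [k for k in keys if k not in props]
    if missing:  # do not guess at defaults; require explicit values
        return [f"not set explicitly: {k}" for k in missing]
    session, lifetime, idle = (parse_duration(props[k]) for k in keys)
    findings = []
    if session < lifetime:
        findings.append("idp.session.timeout is shorter than idp.authn.defaultLifetime")
    if lifetime > parse_duration(max_reauth):
        findings.append("idp.authn.defaultLifetime exceeds the re-authentication limit")
    if idle > parse_duration(max_idle):
        findings.append("idp.authn.defaultTimeout exceeds the idle limit")
    return findings

# Constructed inputs: the sample policy, and a variant whose session is only 60 minutes.
SAMPLE = ("idp.session.timeout=PT24H\n"
          "idp.authn.defaultLifetime=PT24H\n"
          "idp.authn.defaultTimeout=PT60M\n")
MISMATCH = SAMPLE.replace("idp.session.timeout=PT24H", "idp.session.timeout=PT60M")

if __name__ == "__main__":
    print(check_policy(SAMPLE))
    print(check_policy(MISMATCH))
```
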