Liferay IDP session time out even after sp session is still activeLiferay IDP session time out even after sp session is still activehttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1125324982024-03-28T23:05:05Z2024-03-28T23:05:05ZRE: Liferay IDP session time out even after sp session is still activeShahbaz Khanhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1125758052019-03-05T09:20:34Z2019-03-05T09:20:34Z<blockquote>David H NebingerThat's not how SAML works.<br /><br />On activity on the SP, it should update the IdP so it knows to extend the session.<br /><br />There are ways to monkey with this though; if on the app on the SP all you are doing is AJAX-based web service calls that don't touch back to the SP or the IdP, you might believe the SP is extending the session when in actuality it is not.</blockquote><br /><br />I found out something about Keep alive url, which I did not configure in my portal.<br /><br /><br />Is it related to that ? Do I need to configure this url also. Shahbaz Khan2019-03-05T09:20:34ZRE: Liferay IDP session time out even after sp session is still activeDavid H Nebingerhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1125632812019-03-04T14:26:44Z2019-03-04T14:26:44ZThat's not how SAML works.<br /><br />On activity on the SP, it should update the IdP so it knows to extend the session.<br /><br />There are ways to monkey with this though; if on the app on the SP all you are doing is AJAX-based web service calls that don't touch back to the SP or the IdP, you might believe the SP is extending the session when in actuality it is not.David H Nebinger2019-03-04T14:26:44ZRE: Liferay IDP session time out even after sp session is still activeShahbaz Khanhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1125577862019-03-04T11:30:39Z2019-03-04T11:30:39ZHi David,<br /><br />Thanks for the quick response.<br /><br />My requirement is different here. My IDP and SP both have same session time out. Please check below scenario step by step.<br /><br /><br /><ol style="list-style: decimal outside;" start="1"><li>First User logs in to IDP</li><li>Then click on the SP link on idp site which will open SP in different tab of browser.</li><li>Now user is active on the SP for 15 minutes.</li><li>But the browser tab on which IDP site is open is inactive for 15 minutes because user is active on SP not on IDP. </li><li>In this case IDP session goes timeout without knowing of SP session. But SP is still active here. In this case i want to extend my IDP session.</li></ol> Hope you understood my requirement. <br /><br />If there is any solution of this problem, Please suggest me. Shahbaz Khan2019-03-04T11:30:39ZRE: Liferay IDP session time out even after sp session is still activeDavid H Nebingerhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1125340122019-03-01T14:35:35Z2019-03-01T14:35:35ZUm, no.<br /><br />I mean, the one requirement for using a shared authentication source is that all of the participants will have the same session timeout details.<br /><br />So saying that the IdP has 15 minutes and an SP has 20 minutes is broken, out of the gate. Anything after that about the SP effectively owning the actual session timeout time is just wrong.<br /><br />What would your response be if you found out that an errant admin introduced a new SP that, because they were just testing, had their session timeout set for 2 hours? If things worked like you might suggest, your secure session timeout would be blown out of the water with everyone adopting a 2 hour timeout.<br /><br />Regardless what you are doing, as a rule the session timeout must match between the IdP and all SPs.<br /><br />Period.David H Nebinger2019-03-01T14:35:35ZLiferay IDP session time out even after sp session is still activeShahbaz Khanhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1125324972019-03-01T13:46:38Z2019-03-01T13:46:38ZWe have a requirement where liferay portal team ( IDP side ) want to extend user session based on service provider.<br /><br />Is there a way by which Service provider can keep alive the session on IDP side on real time basis based on client activity on vendor end. <br /><br />For example if the session time or Ideal time out at IDP end is "15 min", however if SP side client is active for "20 min", the