Session Timeout Not Working as Expected with SSO (SAML IdP)

Requirement:
Session timeout should be 8 hours in IdentityIQ (IIQ).

What We Did:

  • Set session timeout to 480 minutes in web.xml

  • Configured SSO (SAML IdP) in DEV.

  • In local (no SSO) → session works for 8 hours as expected.

Issue:
In DEV (with SSO) → session ends after 30 minutes instead of 8 hours.

Question:
Is there any SAML or IdP-related configuration that could be overriding the IIQ session timeout?
Has anyone faced a similar issue where SSO session expires earlier than the configured web.xml timeout?

@malarvanan12 - Which IdP provider are you using: Okta, ADFS, or something else?
Please check what’s the default session timeout configured at the IdP side.

1 Like

The IdP can include a SessionNotOnOrAfter value in the SAML assertion, which specifies the maximum time the session is valid. The service provider (IIQ) will honor this and terminate the session when this time is reached, even if the IIQ session timeout is longer.

2 Likes
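To check whether the IdP is the limiting factor, as the reply above describes, this added example (not code from the thread or from IdentityIQ) reads `SessionNotOnOrAfter` from a captured SAMLResponse and compares it with the `session-timeout` in web.xml. The function names and both sample documents are constructed for illustration; it does no signature validation, so it is a diagnostic for a response captured from your own login only.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample inputs (not taken from any real IdP or deployment).
SAMPLE_RESPONSE = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z"
        SessionNotOnOrAfter="2024-01-01T09:30:00Z"/>
  </saml:Assertion>
</samlp:Response>""").decode()

SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <session-config><session-timeout>480</session-timeout></session-config>
</web-app>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def idp_session_cap_minutes(saml_response):
    """Minutes from AuthnInstant to SessionNotOnOrAfter, or None if the IdP set no cap."""
    text = saml_response.strip()
    # HTTP-POST binding sends the response base64-encoded; raw XML is accepted too.
    xml = text if text.startswith("<") else base64.b64decode(text).decode("utf-8")
    stmt = ET.fromstring(xml).find(f".//{SAML_NS}AuthnStatement")
    if stmt is None or "SessionNotOnOrAfter" not in stmt.attrib:
        return None
    delta = _ts(stmt.attrib["SessionNotOnOrAfter"]) - _ts(stmt.attrib["AuthnInstant"])
    return delta.total_seconds() / 60

def web_xml_timeout_minutes(web_xml):
    """<session-timeout> in minutes; matched by local name because the namespace varies."""
    for el in ET.fromstring(web_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "session-timeout":
            return int(el.text.strip())
    return None

def compare(saml_response, web_xml):
    cap = idp_session_cap_minutes(saml_response)
    idle = web_xml_timeout_minutes(web_xml)
    # The container value is an idle timeout; the SAML value is an absolute cutoff.
    limited_by = "idp" if cap is not None and (idle is None or cap < idle) else "web.xml"
    return {"idp_cap_min": cap, "web_xml_min": idle, "limited_by": limited_by}
```

With the constructed samples, `compare(SAMPLE_RESPONSE, SAMPLE_WEB_XML)` reports a 30-minute IdP cap against a 480-minute web.xml value.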

I enforced the session value in both the Tomcat and IdentityIQ web.xml files; now the session ends after 8 hrs.
