sessionUnusedLifeTime & sessionIdLifeTime - Session Management

By: Philip Feliprada user 11 Apr 2018 at 5:27 a.m. CDT

3 Responses
Philip Feliprada gravatar
This issue is quite similar with my previous ticket(https://support.gluu.org/single-sign-on/5322/end-session-browser/). I would like to ask more about session management. I tried following Aliak's suggestion which is "If setting lower timeouts may satisfy your needs, you should give it a try." so I set sessionUnusedLifeTime to 60seconds and sessionIdLifeTime to 60seconds then I tried accessing Gluu again after the alloted time which is 60 seconds but I am not redirected to the Gluu's Login screen. As explained by Aliak "Session timeouts are just timeouts, when time runs down for a user's session at Gluu, next time they'll be sent there by some SP/RP, they will have to re-authenticate, but that's about it." so in my understanding once the timeout is reached when accessing Gluu I need to re-authenticate. Is my process correct? Am I missing something? Any ideas will be wonderful. Btw kudos to the Gluu support team for answering so fast and on time! I've made so many tickets and the support of Gluu never failed to amaze me.
CentOS 6.0
closed

Answers

By Aliaksandr Samuseu staff 11 Apr 2018 at 1:10 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Philip. You'll need to describe your setup in more details. What protocol(s) are involved here? In case of SAML, you also need to consider the fact that Shibboleth IDP handling it is a separate component which uses its own session with its own timeouts.

By Philip Feliprada user 13 Apr 2018 at 4:51 a.m. CDT

Copy
Philip Feliprada gravatar
Hi Aliak, Sorry for my unclear explanation. My Scenario: I have a website integrated with Gluu SSO with the help of these instructions https://gluu.org/docs/ce/integration/spa/oauth-js-implicit/. I just want to end Gluu's session and re-authenticate whenever I am away or idle. So in my own understanding I thought setting these session timeouts can help me achieve my desired output. Is my desired output achievable using Gluu's configuration like setting session timeouts or this kind of scenarios must be handled by my website? Any inputs are really appreciated. Btw, I also like to ask about oxPasswordExpirationDate attribute. It looks like its not working properly can I ask it here or should I open a new ticket for this? Thanks as always!!

By Aliaksandr Samuseu staff 16 Apr 2018 at 6:02 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Philip. >I just want to end Gluu's session and re-authenticate whenever I am away or idle. So in my own understanding I thought setting these session timeouts can help me achieve my desired output. Please create and share a HAR file with a capture of the whole your failing flow (when you expect your user to be presented with a login page due to the timeout threshold has been reached, but it doesn't happen). You can use steps listed [here](https://www.inflectra.com/support/knowledgebase/kb254.aspx) - please use Firefox for that, Chrome's HARs are flawed. Also don't forget to set "Persist log" and "Disable cache" checkboxes in the console to save everything, not just the recently loaded page. >I also like to ask about oxPasswordExpirationDate attribute. It looks like its not working properly This attribute is used by [Password Expiration custom script](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/basic.password_expiration/PasswordExpiration.py) which implements this functionality. Changing just its value doesn't have any effect, I believe.

Post an answer