Symantec Access Management

    SiteMinder session issue

    Posted Nov 30, 2015 11:27 PM

    Hi,

    We have an interesting issue with a federated SSO solution.

    We are acting as SP in a SAML 2.0 federation.

    1. After consuming the assertion, the user is taken to realm A. This realm has a persistent session.

    2. After that the user is redirected to realm B. This realm is configured with a non-persistent session.

    3. There is a background (non-browser) web service call to realm C. This is also a non-persistent session. This web service submits the SMSESSION cookie from the browser from the previous step.

    The issue is that the session is expiring in steps 2 and 3. We have introduced "Enforce Realm Timeouts" in steps 2 and 3 (introduced responses for MaxTimeout and IdleTimeout on the AuthAccept rule), but they do not seem to be working. We don't seem to know the REASON.

    For example, the session in step 3 holds until the "Max Idle Timeout" set in the response of that realm. After that it fails with a "session has expired" message.

    What seems to be happening is that, even though constant hits are made to the realm, it treats the session as idle, and after the max idle timeout has elapsed the session times out.

    This was my observation.

    Please offer the reason why the session is timing out.

    Please advise if there is any way to keep the session active while the user is traversing between the 3 realms.

    Thanks,

    Ram