How to fix users getting logged out after two minutes when using SiteMinder
Problem
If your end users report the behavior of being logged out or receiving a timeout dialog shortly after logging in, and you are using SiteMinder or a similar SAML-based SSO provider, your Identity Provider (IDP) configuration may need adjusting.
The symptoms include seeing the attribute SessionNotOnOrAfter in your SAML assertions when debugging as described in our SAML documentation or using a SAML tracer. The full authentication statement causing this might look like this, indicating there is a very short amount of time between authentication and session expiration time.
<ns2:AuthnStatement AuthnInstant="2022-01-20T19:55:23Z" SessionIndex="iCOpSprLm+RFlKUuSRQXGFZka+s=gOdlag==" SessionNotOnOrAfter="2022-01-20T19:56:53Z">Solution
In certain SiteMinder versions, the default setting for session length is to match Assertion Validity, which can be as short as two minutes.
Verify with your SiteMinder team that the settings are as follows
- Go to your SiteMinder Administrative Interface
- Find the SSO configuration section that contains the
Recommended SP Session Duration - Ensure this is set to
Customize - Then either use
Omit(the default timeout on the platform is 60 minutes) or set aCustomlength that is appropriate for your IT teams security needs. - Save your changes
Related articles
- Microsoft Office Links do not work in SSO scenarios
- Desktop Client: Resolving installation issues involving VBA
- Desktop Client: Enterprise Model warning when adding IGX file to repository
- Desktop Client: Why is the automatic Swimlane-based relationship creation not working?
- Desktop Client Installation on Windows Server