[security-dev] SP side Http session time-out period

Michael Cirioli mcirioli at redhat.com
Tue Nov 25 20:02:23 EST 2014

I believe you can configure sp session lifetimes in your apps web.xml





-mike cirioli


If I used ServiceProviderAuthenticator as my SP side, once a valid assertion comes back from IDP, and SP checked the assertion and created the local HttpSession (it is an HttpSession, right ?), what is that session's time-out period ? Is it configurable ?


security-dev mailing list
security-dev at lists.jboss.org

More information about the security-dev mailing list