I was playing with the SSO Session Max Lifespan, and noticed that if I set it to a very large value, like 10000 Days, that I could no longer log in to the realm, but the admin console did not validate the input in any way, so I don't know what the secret maximum value is.  1000 Days seems to be OK.  10000 Days is not.