AEM SAML Integration-Idle session logout | Community
Skip to main content
srikanthp689160
srikanthp689160
Level 4
November 26, 2019

AEM SAML Integration-Idle session logout

  • November 26, 2019
  • 6 replies
  • 12380 views

Hi,

We have SAML integration in place for our application(includes both public and secure pages) where AEM is Service Provider and Salesforce is Identity Provider.

We are trying to achieve idle session logout where if user does not interact with application for 5 minutes or so user must be logged out.

In order to achieve this we are following this article https://helpx.adobe.com/experience-manager/kb/How-to-set-token-session-expiration-AEM.html where in OSGi configuration org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl, property value is set Token Expiration to 600, but does not seem to work i.e. after idle time if user tries to access secure page(refresh secure page), he is not taken to login screen or SAML Authentical Handler is not invoked.

Could you please let me know if the above approach is applicable for SAML authentication too? Or are there any alternate approaches?

Note: Idle session logout configuration is in place at Salesforce end

Thanks,

Srikanth Pogula.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

6 replies

W
Adobe Employee
WasilZeeAdobe Employee
Adobe Employee
November 26, 2019

Follow the kb : How to set the Oak login token session expiration

Thanks

Wasil

U
Adobe Employee
user05162Adobe Employee
Adobe Employee
November 26, 2019

Have you configured SAML handler to handle the logout?

srikanthp689160
srikanthp689160Author
Level 4
November 27, 2019

Hi jbrar,

Yes, we are handling Logout via SAML Handler i.e. Handle Logout is checked and Logout URL is the URL given by IDP.

Thanks & Regards,

Srikanth Pogula.

    srikanthp689160
    srikanthp689160Author
    Level 4
    November 27, 2019

    Hi WASIL,

    As mentioned in the original post, we have followed the same helpx article but does not seem to work. Even after Token Expiration time, if user tries to access secure page, user is not taken to Identity Provider's authentication screen.

    Thanks & Regards,

    Srikanth Pogula.

      A
      Adobe Employee
      aemmarc2Adobe Employee
      Adobe Employee
      November 27, 2019

      Is your SAML set up as Idp initiated or SP initiated?

      If it's SP initiated then that Oak login token approach won't work since the session is never invalidated with the Idp.

      The Idp will log you right back in.

        VeenaVikraman
        Community Advisor
        VeenaVikramanCommunity Advisor
        Community Advisor
        February 28, 2023

        @aemmarc2 If it is SP initiated , how can we logout the user from SP ?

        srikanthp689160
        srikanthp689160Author
        Level 4
        November 27, 2019

        Hi march16806759,

        Our SAML set up is SP initiated.

        Is there anyway we can handle idle session logout in this case?

        Thanks,

        Srikanth Pogula.

          N
          nikitagoyal
          June 3, 2020

          hi @srikanthp689160 ,

           

          What was the resolution to this?

           

          We have a similar requirement.

          SAML is set up to handle logout.
          The Login is SP initiated.

          We need to logout the user from IDP when AEM session is expired.Is there is way to achieve this?

           

          Thanks,

          Nikita Goyal

           

            srikanthp689160
            srikanthp689160Author
            Level 4
            July 6, 2020

            @nikitagoyal , we were not able to achieve this, right now we still have IDP session timeout only in place.

            Please let me know if you find a solution for this.

              Terms & ConditionsAccessibility statement

              Loading footer...