Session validation
PingFederate validates both an inactivity timeout and an overall session timeout:
- Inactivity timeout
-
The amount of time that a session can be inactive when no new browser requests are received and before a user is required to reauthenticate.
- Overall session timeout
-
The total amount of time that a session can be active, regardless of activity, before the user is required to re-authenticate.
If either of the timeout limits has expired, the Apache agent cancels the existing session and redirects the browser to the PingFederateLoginPageUrl address in your <apache_home>/conf/mod_pf.conf file. This starts a service provider (SP)-initiated single sign-on (SSO) request at the identity provider (IdP).
|
Session cancellation enforces session cleanup in the PingFederate server and session cookie obsolescence. |