Identity Provider configuration

Authentication Default Lifetime

A user's authentication results may be used for implicit SP authentication for as long as this parameter indicates. After this period, the user will be asked to authenticate again.
Example: PT30S translates to a 30 seconds lifetime

PT7S

Authentication Default Timeout

If the last authentication result is not used in SAML responses within this time frame the user will be asked to authenticate again next time it reaches the IdP.
Example, PT5M translates to a 5 minutes timeout

PT7S

Session Timeout

The idle time for the IdP session. The value must be at least as long as the Authentication Default Lifetime.
Example, PT24H translates to a 24 hours timeout

PT24h

Enable Single Logout (SLO)

User Sessions as stored in Cassandra and the user can be logged out everywhere at once

Turned off

Default Service Provider lifetime*

Controls how long the IdP will store the Service Providers' sessions. In case of Single Logout, this value should be greater than the Service Providers' session lifetime.

PT2h

Logo file

Custom logo displayed in Shibboleth page

IdP Internal Service URL*

<fqdn>:8945

IdP External Service URL*

<fqdn>:8944

Self Service Portal Enrollment URL*

<fqdn>:9987/ssp/index.html#enrollment

FIDO Origin*

<fqdn>

Websec Service URL*

<fqdn>/websec

Auto Refresh Session

Performs automatically refresh of the opportunity session if the session expires

Turned off

Certificate Authentication External Service URL

<fqdn>:8946

Certificate Authentication Internal Service URL

<fqdn>:8947

Certificate Authentication Proxy Secret

<secret>

Enable SPNEGO Authentication

Enable SPNEGO-based Kerberos authentication, complying with RFC 4559, 'SPNEGO-based Kerberos and NTLM HTTP Authentication'

Turned off

Kerberos KeyTab List

 No value