Re: Timeouts on SSO enabled portals

["John R. LaPrad" <jrl () SVSU EDU>]

Hello all, we are having a discussion about the timeouts on the campus portal and of applications reached through the 
portal.  We have a SharePoint based portal, authenticating through ADFS.  A number of applications (onsite and offsite) 
are accessed through the portal with SSO.  We used to have inactivity timeouts based on the application, but now with 
web applications and a SSO portal, it's not so easy.



*         What sorts of timeouts do people have on portal systems?

*         Do you distinguish between onsite domain connected computers where the computer has a forced screensaver 
timeout and offsite access where we have no control of the computer?

*         Some folks here are suggesting to shorten the main ADFS token timeout which currently is 480 minutes. As this 
would affect more than just the portal and would possibly kick people out in the middle of whatever they were doing, 
we're looking for alternatives.



Thank you for your time and answers/suggestions



John LaPrad, CISSP, CIHE
IT Security Manager
Saginaw Valley State University
989-964-7134