Hi !
I am trying to use the "Remember me" option in SimpleSAMLphp, but after two hours of inactivity, if I reload the page I must re-authenticate.
I have not found any useful documentation on the site about this feature.
Here are the options of my config.php :
<?php
// SimpleSAMLphp main configuration array ($config), followed by the include of a
// separate secrets file. The paths and the "Debian:" comments below suggest a
// Debian-packaged install.
// NOTE(review): the explanatory comments of the stock template appear to have been
// stripped before posting, and at least one block-comment marker was lost with them
// (see 'authproc.idp'), so the listing as shown does not parse.
$config = array(
'baseurlpath' => 'simplesamlphp/',
// NOTE(review): /etc/ssl/certs is conventionally world-readable; if a private key
// is resolved relative to certdir, confirm its file permissions.
'certdir' => '/etc/ssl/certs/',
'loggingdir' => '/var/log/simplesamlphp/',
'datadir' => '/var/lib/simplesamlphp/data/',
'metadatadir' => '/etc/simplesamlphp/metadata/',
'attributenamemapdir' => '/etc/simplesamlphp/attributemap/',
// NOTE(review): this lives under the shared /tmp; confirm the directory is owned by
// the web-server user and not writable or readable by other local accounts.
'tempdir' => '/tmp/simplesaml',
'debug' => false,
// Error details are not shown to the browser; they are still reported (next line).
'showerrors' => false,
'errorreporting' => true,
'debug.validatexml' => false,
// Debian: this password is in /var/lib/simplesamlphp/secrets.inc.php
// The commented-out value below is only the placeholder; the effective admin
// password comes from the secrets file loaded at the end of this file.
//'auth.adminpassword' => '123',
'admin.protectindexpage' => true,
// Metadata pages are served without admin authentication.
'admin.protectmetadata' => false,
// Debian: this secret is in /var/lib/simplesamlphp/secrets.inc.php
// NOTE(review): confirm the salt in the secrets file is a random per-install value
// and not the placeholder shown here.
//'secretsalt' => 'defaultsecretsalt',
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => 'n...@example.org',
'timezone' => null,
// Only NOTICE and more severe messages reach syslog. For tracing why a session
// ends, temporarily raising this to SimpleSAML_Logger::DEBUG gives more detail.
'logging.level' => SimpleSAML_Logger::NOTICE,
'logging.handler' => 'syslog',
//'logging.format' => '%date{%b %d %H:%M:%S} %process %level %stat[%trackid] %msg',
// Uses the LOG_LOCAL5 facility when PHP defines it, otherwise LOG_USER.
'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,
'logging.processname' => 'simplesamlphp',
'logging.logfile' => 'simplesamlphp.log',
'statistics.out' => array(// Log statistics to the normal log.
array(
'class' => 'core:Log',
'level' => 'notice',
),
// Log statistics to files in a directory. One file per day.
array(
'class' => 'core:File',
'directory' => '/var/log/stats',
),
),
// Only the SAML 2.0 IdP role is enabled; the other protocol endpoints are off.
'enable.saml20-idp' => true,
'enable.shib13-idp' => false,
'enable.adfs-idp' => false,
'enable.wsfed-sp' => false,
'enable.authmemcookie' => false,
// Session timing. All values are in seconds.
'session.duration' => 8 * (60 * 60), // 8 hours.
'session.datastore.timeout' => (4 * 60 * 60), // 4 hours
'session.state.timeout' => (60 * 60), // 1 hour
'session.cookie.name' => 'SimpleSAMLSessionID',
// 0 = browser-session cookie (no explicit expiry) when "remember me" is not used.
'session.cookie.lifetime' => 0,
'session.cookie.path' => '/',
'session.cookie.domain' => null,
// NOTE(review): without the Secure flag the session cookie is also sent over plain
// HTTP. With a 14-day "remember me" lifetime configured below, set this to true if
// the service is reached only over HTTPS.
'session.cookie.secure' => false,
'session.disable_fallback' => false,
'enable.http_post' => false,
'session.phpsession.cookiename' => null,
'session.phpsession.savepath' => null,
// NOTE(review): the PHP session cookie is not marked HttpOnly, so page scripts can
// read it; 'store.type' below is 'phpsession', so this cookie is the one in use.
'session.phpsession.httponly' => false,
'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
// "Remember me": offered on the login page, unchecked by default, 14 days.
'session.rememberme.enable' => true,
'session.rememberme.checked' => false,
'session.rememberme.lifetime' => (14 * 86400),
'language.available' => array(
'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs',
'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et',
'he', 'id', 'sr', 'lv', 'ro', 'eu'
),
'language.rtl' => array('ar', 'dv', 'fa', 'ur', 'he'),
'language.default' => 'en',
'language.parameter.name' => 'language',
'language.parameter.setcookie' => true,
'language.cookie.name' => 'language',
'language.cookie.domain' => null,
'language.cookie.path' => '/',
'language.cookie.lifetime' => (60 * 60 * 24 * 900),
'attributes.extradictionary' => null,
'theme.use' => 'default',
'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',
'idpdisco.enableremember' => true,
'idpdisco.rememberchecked' => true,
// Disco service only accepts entities it knows.
'idpdisco.validate' => true,
'idpdisco.extDiscoveryStorage' => null,
'idpdisco.layout' => 'dropdown',
'shib13.signresponse' => true,
// Authentication processing filters applied on the IdP side, keyed by priority.
// NOTE(review): the line closing entry 10 carries a stray block-comment terminator
// whose opening marker is missing from the paste. Presumably entry 10 (and possibly
// other entries here) is commented out in the real file; it is unclear from this
// listing which filters are actually active. Compare with the file on disk.
'authproc.idp' => array(
10 => array(
'class' => 'core:AttributeMap', 'addurnprefix'
), */
20 => 'core:TargetedID',
// Adopts language from attribute to use in UI
30 => 'core:LanguageAdaptor',
40 => 'core:AttributeRealm',
45 => array(
'class' => 'core:StatisticsWithAttribute',
'attributename' => 'realm',
'type' => 'saml20-idp-SSO',
),
50 => 'core:AttributeLimit',
60 => array(
'class' => 'core:AttributeAlter',
'pattern' => '/OU=studerende/',
'replacement' => 'Student',
'subject' => 'distinguishedName',
'%replace',
),
// Consent filter; consent decisions are kept in a browser cookie ('consent:Cookie').
90 => array(
'class' => 'consent:Consent',
'store' => 'consent:Cookie',
'focus' => 'yes',
'checked' => TRUE
),
// If language is set in Consent module it will be added as an attribute.
99 => 'core:LanguageAdaptor',
),
// Authentication processing filters applied on the SP side, keyed by priority.
'authproc.sp' => array(
10 => array(
'class' => 'core:AttributeMap', 'removeurnprefix'
),
60 => array(
'class' => 'core:GenerateGroups', 'eduPersonAffiliation'
),
61 => array(
'class' => 'core:AttributeAdd', 'groups' => array('users', 'members')
),
// Adopts language from attribute to use in UI
90 => 'core:LanguageAdaptor',
),
'metadata.sources' => array(
array('type' => 'flatfile'),
),
// Sessions are kept in PHP's native session storage.
// NOTE(review): with this store, server-side session data is presumably removed by
// PHP's own session garbage collection (session.gc_maxlifetime in php.ini, or the
// distribution's session clean-up job), independently of the session.* and
// rememberme values above. Check that setting first when a "remembered" login is
// lost after a period of inactivity.
'store.type' => 'phpsession',
// The SQL and memcache settings below hold placeholder values; they are not
// selected by 'store.type' above.
'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
'store.sql.username' => null,
'store.sql.password' => null,
'store.sql.prefix' => 'simpleSAMLphp',
'memcache_store.servers' => array(
array(
array('hostname' => 'localhost'),
),
),
'memcache_store.expires' => 36 * (60 * 60), // 36 hours.
// Published metadata is not signed.
'metadata.sign.enable' => false,
'metadata.sign.privatekey' => null,
'metadata.sign.privatekey_pass' => null,
'metadata.sign.certificate' => null,
'proxy' => null,
// NOTE(review): per the stock configuration template, null disables validation of
// redirect and link target URLs (e.g. ReturnTo / RelayState). Listing the trusted
// domains explicitly, or an empty array for own-domain only, closes that gap.
// Confirm the semantics for the installed version.
'trusted.url.domains' => null,
);
// Loads the Debian-managed secrets file that, per the comments above, holds
// 'auth.adminpassword' and 'secretsalt'.
// NOTE(review): it is included after $config is built, so presumably it assigns
// into $config. Confirm the file is readable only by the web-server user.
require_once('/var/lib/simplesamlphp/secrets.inc.php');
I set the "Remember me" session lifetime to 14 days, but I think there is an error somewhere else.
Could you give me a way to debug this ?
Thanks a lot
Dom