Hello,
The settings for web application (webapps) sessions and Single Sign-On (SSO) session timeouts are entirely independent.
The webapps session is linked to the timeout of the respective web application. Once a user has been successfully authenticated, the associated cookie remains valid, allowing access to the webapps throughout the webapp session's duration.
The SSO session timeout applies to authenticated users on our SAML/OpenID Identity Provider (IDP). It defines the duration of the SSO session validity. Within this timeframe, the user is not prompted to re-authenticate on the Identity Provider, even if another Service Provider requests authentication.
Regards