Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bb
New Contributor

FSSO general setting configuration expiry timer

Hi

Am I correct in saying that if i set up the 'login expiry'  under the  'Fortinet SSO Methods > SSO > General' to 24 Hours a users will be automatically logged of after this period although he may be active on his account.

 

eg surfing online and they receive the authentication screen for re-login 

 

Thanks

B

4 REPLIES 4
Carl_Windsor_FTNT

Not necessarily.  This depends on how the user identity is being collected (we have several methods).  If you are using AD Polling for example, whilst browsing and opening network shares, this will trigger login events will reset the expiry timer.  In this case the expiry timer will start from the last login event seen.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

bb
New Contributor

HI Carl

the users are self-registered, so would be local to the FAC DB.

all users are forced initially to authenticate with the FAC via the captive portal.

I am using Radius accounting as a source of SSO

 

 

thanks

B

bb
New Contributor

Thanks Carl

Carl_Windsor_FTNT

If you are only using RADIUS Accounting, you shouldn't even need to enable this timeout as in theory, FAC should see a RADIUS Accounting Stop which we will use to clear the user login.  If you do have it enabled, behavior will be down to the RADIUS Auth Client (i.e. the devices sending FAC the Accounting packets).  If FAC sees regular RADIUS Interims, they will reset the expiry timer.

 

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Labels
Top Kudoed Authors