OneLogin sessions end earlier than configured (4383176)

Users are unexpectedly returned to the OneLogin login page before the configured SSO session timeout is reached. The behavior may occur across the portal, administrative pages, and other SSO-enabled applications in the same browser session. ​ The issue can appear browser-independent and may coincide with a recently configured or recently changed SAML application. ​

A third-party SAML application was sending a valid Single Logout (SLO) request when its own application session timed out.

When a valid SLO request is received, the logout is propagated to the OneLogin SSO session and other participating SSO applications. This behavior is expected when SLO is enabled and functioning as designed. ​

1. Review recently added or changed SAML applications that participate in SSO.
2. Check whether the affected application has its own session timeout that is shorter than the SSO session timeout configured in OneLogin.
3. If the SLO behavior is started by the third-party application, work with the application vendor or application owner to modify the timeout or logout behavior so it follows the timeout configured in OneLogin.
4. After the application logout behavior is updated, retest by keeping multiple SSO applications open beyond the third-party application timeout period and confirm that the broader SSO session remains active as expected.