Print this page

Why "?stbdtimeout=1" parameter gets added to IDP logout URL when a user's session times out?

Knowledge Article Number 000193690
Description Why "?stbdtimeout=1" parameter gets added to IDP logout URL when a user's session times out ?

Using Federation Manager it is noticed that when a parameter is passed to the Logout URL for example https://www.idp/public/saml2slo?stbdtimeout=1 the user gets a HTTP 400 Bad Request. 

It works fine when the parameter is not present.
Resolution
This parameter gets appended by Salesforce to understand the logout call made due to timeout and we need to bypass session discovery when we get to login page as a result of a session timeout.
 
This fixes the known issue where sessions were never timing out because the timeout popup redirects to the login page>> which then does session discovery>> which then redirects back into the app>> which then refreshes the session validity (if done quickly enough).

If you are facing any problem due to this, for example your IDP not able to resolve the URL and giving you 404 error then your IDP needs to be updated to handle this parameter.




promote demote