Merge branch 'dblessing_saml_sso_expiry_one_day' into 'master'

Lower SAML SSO session expiry to one day See merge request gitlab-org/gitlab!54374

Merge branch 'dblessing_saml_sso_expiry_one_day' into 'master'
Lower SAML SSO session expiry to one day See merge request gitlab-org/gitlab!54374
5fa152e9 · Kerri Miller · 684ade3f · bcd3b636 · 5fa152e9 · 5fa152e9
Commit 5fa152e9 authored Feb 17, 2021 by Kerri Miller
3 changed files
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -87,7 +87,7 @@ Please note that the certificate [fingerprint algorithm](#additional-providers-a
 With this option enabled, users must go through your group's GitLab single sign-on URL. They may also be added via SCIM, if configured. Users can't be added manually, and may only access project/group resources via the UI by signing in through the SSO URL.

 However, users are not prompted to sign in through SSO on each visit. GitLab checks whether a user
-has authenticated through SSO. If it's been more than 7 days since the last sign-in, GitLab
+has authenticated through SSO. If it's been more than 1 day since the last sign-in, GitLab
 prompts the user to sign in again through SSO.
 You can see more information about how long a session is valid in our [user profile documentation](../../profile/#why-do-i-keep-getting-signed-out).


--- a/ee/changelogs/unreleased/dblessing_saml_sso_expiry_one_day.yml
+++ b/ee/changelogs/unreleased/dblessing_saml_sso_expiry_one_day.yml
+---
+title: Lower SAML SSO session expiry to one day
+merge_request: 54374
+author:
+type: changed
--- a/ee/lib/gitlab/auth/group_saml/sso_enforcer.rb
+++ b/ee/lib/gitlab/auth/group_saml/sso_enforcer.rb
@@ -4,7 +4,7 @@ module Gitlab
  module Auth
    module GroupSaml
      class SsoEnforcer
-        DEFAULT_SESSION_TIMEOUT = 7.days
+        DEFAULT_SESSION_TIMEOUT = 1.day

        attr_reader :saml_provider