When specifying an acquired role in the configuration (e.g. step-up configuration or role granted by an authenticator), use the following syntax:
<role-name>[:idle-timeout-in-seconds[:life-timeout-in-seconds]]
Examples:
strong
: no timeout
strong:600
: idle timeout is 10 minutes
strong:600:1800
: idle timeout is 10 minutes, life-timeout is 30 minutes
Note that the life-timeout must be >= the idle-timeout.
Valid example: strong:600:1800
Invalid example: strong:600:500
Example:
Assume a user acquires the role "strong" (e.g. by a step-up process).
Let the role be granted with:
- Idle-timeout 10 minutes
- Life-timeout 30 minutes
The configured step-up-role is: strong:600:1800
- The role is lost after 30 minutes in any case
- The role is lost after 10 minutes of inactivity on the Airlock Gateway (WAF) session