Increase the default SAML session expirary time to 15 minutes. (#7664)

3 files changed, 4 insertions, 3 deletions

diff --git a/changelog.d/7664.misc b/changelog.d/7664.misc
new file mode 100644

index 0000000000..bbf0908109
--- /dev/null
+++ b/changelog.d/7664.misc
@@ -0,0 +1 @@
+Increase the default SAML session expirary time to 15 minutes.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml

index 9cc3c7598e..b415724d73 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1454,7 +1454,7 @@ saml2_config:
 
   # The lifetime of a SAML session. This defines how long a user has to
   # complete the authentication process, if allow_unsolicited is unset.
-  # The default is 5 minutes.
+  # The default is 15 minutes.
   #
   #saml_session_lifetime: 5m
 
diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py

index d0a19751e8..293643b2de 100644
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@@ -160,7 +160,7 @@ class SAML2Config(Config):
 
         # session lifetime: in milliseconds
         self.saml2_session_lifetime = self.parse_duration(
-            saml2_config.get("saml_session_lifetime", "5m")
+            saml2_config.get("saml_session_lifetime", "15m")
         )
 
         template_dir = saml2_config.get("template_dir")
@@ -286,7 +286,7 @@ class SAML2Config(Config):
 
           # The lifetime of a SAML session. This defines how long a user has to
           # complete the authentication process, if allow_unsolicited is unset.
-          # The default is 5 minutes.
+          # The default is 15 minutes.
           #
           #saml_session_lifetime: 5m