I have successfully implemented SSO as per wiki "http://docs.craftercms.org/en/3.0/system-administrators/security/configure-headers-based-auth.html?highlight=sso" and disabled logout option from crafter site from Contextual Navigation configuration.
However I am unable to find a way where I can set redirect on Mellon session length expiration or studio session timeout. Currently it shows relogin dialog box.
Any guidance/help will be highly appreciated.
Studio session length expiration is set in the Crafter Studio web.xml by default at:
<session-config>
<session-timeout>75</session-timeout>
</session-config>
Studio also has a configuration at CLASSPATH:crafter/studio/studio-config.yaml (full file here: https://github.com/craftercms/studio/blob/master/src/main/resources/crafter/studio/studio-config.yaml)
# HTTP Session timeout for studio (value is in minutes).
studio.security.sessionTimeout: 60
Note that this timeout is shorter than the webapp configuration. This makes it easier to override it (typically make it shorter) by putting an override config in your classplath (TOMCAT/shared/classes/crafter/studio/extension/studio-config-override.yaml
studio.security.sessionTimeout: 30
I think the key here is to make sure that:
A way to test this is simply to configure mellon to throw away it's authentication every x (2-3) minutes.