SANtricity System Manager SAML 会话在 5 分钟后超时

适用于

问题

• SANtricity System Manager SAML 会话持续 5 分钟后超时，浏览器报告： The server has logged you out. Log in to return to System Manager
• 在 E-Series AutoSupport 或支持捆绑日志中， web-server-trace.log 记录了大约 5 分钟后会话失效：

2025-04-16 18:26:57,620 INFO [jetty-1164033] c.n.e.a.r.s.SamlImpl [LoggingFilter.java:416] [requestId=XXX, deviceId=N/A {"authId":"unknown","authType":"unknown","resource":"/devmgr/v2/saml/login","remoteAddress":"10.X.XX.XX",
"method":"POST","query":"redirect=false","status":"200","executionTime":"8"}

2025-04-16 18:26:58,629 INFO [jetty-1164053] c.n.e.a.r.s.SamlImpl [LoggingFilter.java:416] [requestId=XXX, deviceId=N/A {"authId":"XXX","authType":"saml","resource":"/devmgr/v2/saml/assertion","remoteAddress":"10.X.XX.XX","method":"POST",
"query":null,"status":"303","executionTime":"7"}...

2025-04-16 18:32:03,998 INFO [jetty-1164053] c.n.e.a.r.AuthFilter [AuthFilter.java:268] [requestId=0, deviceId=1] Invalidating session, saml assertion is expired for samlAssertionId=null

• Okta 身份提供程序最大应用程序会话生存期值设置为大于 5 分钟的值。此设置设置 SAM 断言中的SessionNotOnOrAfter 值。在下面的示例中，将值设置为 1 小时。

<saml2:Assertion  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                   xmlns:xs="http://www.w3.org/2001/XMLSchema"
                   ID="id-8642639103648655255983945250"
                  IssueInstant="2025-04-30T18:02:33.836Z”
...                   
<saml2:AuthnStatement  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                        AuthnInstant="2025-04-30T18:02:33.413Z"
                        SessionIndex="_5ac3a4afb86b3ec72628bb4523e91319"
                       SessionNotOnOrAfter="2025-04-30T19:02:33.836Z"
    <saml2:AuthnContext