Extend User Session in Hybrid Infrastructure | AWS SysOps Administrator Exam SOA-C02

How to Extend User Session in a Hybrid Infrastructure

Question

You are working as a SysOps administrator for a real estate firm.

They have a hybrid infrastructure deployed for their intranet applications.

On-premises users who access AWS resources using AD credentials are complaining that they have to log in again every 1 hour.

Which of the following actions can be taken to extend the user session?

Answers

Explanations

A. B. C. D.

Correct Answer: B.

SessionDuration is an optional SAML attribute that determines how long a user session lasts.

It can set the user session to anywhere from 15 minutes to 12 hours, with a default of 1 hour when the attribute is not set.

Option A is incorrect as the maximum duration cannot be "unlimited".

Option C is incorrect: when the “SessionDuration” attribute is not used, the default user session is 1 hour instead of 12 hours.

Option D is incorrect as the user session duration can range from 15 minutes to 12 hours, with a default of 1 hour.

The “SessionDuration” attribute can be used to set this duration.

If the “SessionDuration” attribute is not configured, the user session defaults to 1 hour.

For more information on user session duration using SAML attributes, refer to the following URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html
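The check below is an added example, not part of the original page or of AWS documentation: it reads the SessionDuration attribute from a SAML assertion and applies the limits given in the explanation above. AWS names the attribute `https://aws.amazon.com/SAML/Attributes/SessionDuration` and expects the value as an integer number of seconds; the assertion fragments and the helper names (`sample_assertion`, `effective_session_seconds`, `check`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
MIN_S, MAX_S, DEFAULT_S = 15 * 60, 12 * 60 * 60, 60 * 60  # limits stated above

def sample_assertion(duration=None):
    """Constructed, unsigned assertion fragment; duration=None omits the attribute."""
    attr = ""
    if duration is not None:
        attr = (f'<saml:Attribute Name="{SESSION_ATTR}">'
                f"<saml:AttributeValue>{duration}</saml:AttributeValue>"
                "</saml:Attribute>")
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f"<saml:AttributeStatement>{attr}</saml:AttributeStatement>"
            "</saml:Assertion>")

def effective_session_seconds(assertion_xml):
    """Session length this assertion asks for; ValueError if the value is unusable."""
    root = ET.fromstring(assertion_xml)  # for linting your own IdP output only
    values = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == SESSION_ATTR
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not values:
        return DEFAULT_S  # attribute absent: the 1-hour default applies
    if len(values) != 1 or not values[0].isdecimal():
        raise ValueError(f"SessionDuration must be one integer (seconds): {values}")
    seconds = int(values[0])
    if not MIN_S <= seconds <= MAX_S:
        raise ValueError(f"{seconds}s is outside {MIN_S}-{MAX_S}s")
    return seconds

def check(duration):
    """Return the effective duration, or a rejection message for a bad value."""
    try:
        return effective_session_seconds(sample_assertion(duration))
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # None = attribute missing, 43200 = 12 hours, the last two are invalid
    for d in (None, "43200", "unlimited", "600"):
        print(d, "->", check(d))
```

Running this against the claim rule configured on the identity provider shows at a glance whether the one-hour re-login comes from a missing attribute or from a value the limits reject.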

In this scenario, the on-premises users are accessing AWS resources using AD credentials and have to log in again every 1 hour. This is likely due to the default session duration being set to 1 hour.

To extend the user session, one possible solution is to use the optional SAML attribute "SessionDuration". This attribute can be used to set the maximum duration of a user's session.

Option A suggests using the "SessionDuration" attribute to set user sessions to be "unlimited". However, setting the session duration to unlimited may not be a secure option as it could potentially allow a user to maintain access indefinitely.

Option B suggests using the "SessionDuration" attribute to set the user sessions to a maximum of 12 hours. This is a better option as it extends the session duration while still maintaining security by limiting the maximum duration.

Option C suggests removing the "SessionDuration" attribute, which would result in the default session duration of 12 hours. This is also a valid option as it achieves the same result as Option B.

Option D suggests that no action can be taken and the maximum timeout is 1 hour. However, this is not true as there are options available to extend the user session duration.

Therefore, the correct answer is either option B or option C, depending on the specific requirements and security policies of the real estate firm.