Shibboleth IdP Authentication requirement / design confirmation for authentication of Mobile User authentication
We worked on developing the authentication of users of web application using Shibboleth IdP login page.
Now our Customer requirement was to extend this authentication mechanism to the Mobile Users using Shibboleth IdP login page.
Our requirement list is as below:
1) Users of Mobile Application need to be authenticated using Native Application web view by loading the Shibboleth IdP login page (iOS, Android, ODS runtime).
2) Users of Mobile Application should be authenticated via web view only once, and next the same user should be authenticated only after six months.
Please validate the following design decisions for the above said requirement:
1) Designing the user authentication via Shibboleth IdP login page loaded on to the native application web view, and the subsequent authentication should be via Shibboleth ECP endpoint using the Shibboleth IdP Session cookie stored on the browser, and here the default browser of the native application used by the web view. Is this valid? If not valid, what is the alternative to achieve this?
2) Designing the shibboleth session time out configuration as below,
Kindly validate the configuration. If Shibboleth is not supporting the same, what is the alternative to achieve force authentication of user once in six months for mobile application?
3) Can the user authenticated via Shibboleth login page be logged out via Shibboleth logout ECP endpoint with the Shibboleth IdP Session cookie?
4) Can the same instance of Shibboleth Server be configured with different IdP Session timeout configurations, one for web and the other one for mobile? Kindly confirm; if not possible, what is the alternative?