thank you for your reply Pierre.
We are actually using SAML, we thought of invoking the federation logout when the session is idle but I was not sure it was the best practice to do a federation logout.
which token lifetime do you mean that I don't need? the RP session token? So in case we go for federation logout, there is no need to reduce the RP token lifetime?
Another question here, if we invoke a logout, other applications will also be logged out. I am not sure what is the best practice here.
Actually i do have WAP behind a WAF. so the application is access through WAF then WAP.
So can WAP detect application inactivity and logout the user based on that?
MM