We have enabled delegated authentication single sign-on for our org. We have created the web service call and are able to successfully login automatically using that URL and checking against our AD credentials. Everything works great, until the timeout occurs. We have our timeout session set to 30 minutes, as we are a financial institution with strict security policies. Here is the issue in detail:

Initially, we set the logout URL to be the SSO web service, with the intent of the logout automatically logging the user back in. The 30 minute timeout warning dialog displays. If you select Continue Working, you are fine and your session continues as normal. If you missed the dialog, the session would automatically re-login in the same window that the dialog warning was in. This is problematic as the user now has two windows open, the original SFDC session in their browser and then the renewed session in the smaller browser window. This dialog window did not have a toolbar or header on it, since it was just a warning, so the new session also does not have a header or toolbar, rendering it useless for our needs.

We tried redirecting the logout URL to a new page that requires interaction from the user, but it still causes problems with that new window. So, I tried disabling the timeout warning dialog box from session settings, but then it does not re-authenticate the user at all. After 30 minutes, their session is expired, they are not warned and when they go to work on something they are redirected the the login URL and not automatically logged back in.

Has anyone had any luck with this? We want the user to stay logged in all day through single sign-on or be looped back into SSO automatically. Since SFDC does not have separate timeout settings for in network vs out of network we are lost. Any help or suggestions would be greatly appreciated.