Back to top
 
 
 

How to Configure SAML2 SSO and Session Timeout in Evolve (On-Premises)

Overview

This article explains how to enable Single Sign-On (SSO) using SAML 2.0 in Evolve on-premises deployments, and how to view and adjust the session timeout configuration.

Applies To

  • Product: Casewise Evolve / erwin Evolve
  • Versions: 2022.0.0 and later
  • Deployment: On-Premises only

Part 1 — Enabling SAML2 SSO in Evolve

Evolve supports three authentication modes:

  • Windows Authentication (Direct Active Directory)
  • Forms Authentication
  • SAML 2.0 (federated SSO — recommended for cross-application SSO)

Important: Windows Authentication cannot share sessions with external applications. To enable cross-application SSO (e.g. from a portal or another application into Evolve without re-authentication), SAML 2.0 must be configured.

Prerequisites

  • An Identity Provider (IdP) is already configured — ADFS or Azure AD
  • Both the source application and Evolve are registered as Service Providers in the IdP
  • You have Administrator access to the Evolve server

Step 1 — Register Evolve in your Identity Provider

If using ADFS:

  1. Open ADFS Management Console → Add Relying Party Trust
  2. Identifier: https://[your-evolve-server]/
  3. Assertion Consumer Service (ACS) URL: https://[your-evolve-server]/Saml2/Acs
  4. Complete the wizard and configure claim rules

If using Azure AD:

  1. Azure Portal → Enterprise Applications → New Application → Create your own
  2. Set up Single Sign-On → SAML
  3. Reply URL (ACS): https://[your-evolve-server]/Saml2/Acs
  4. Identifier (Entity ID): https://[your-evolve-server]/
  5. Download the Federation Metadata XML — you will need this in Step 2

Step 2 — Configure SAML2 in the Evolve Server Configurator

  1. On the Evolve server, open CwEvolveServerConfigurator.exe
  2. Navigate to: Security Settings → Authentication Mode
  3. Select: SAML2
  4. Enter your IdP Metadata URL (from ADFS or Azure AD)
  5. Click Save

Step 3 — Restart IIS

Open Command Prompt as Administrator and run:

iisreset /restart

Step 4 — Verify

Open a browser, navigate to your Evolve URL. You should be redirected to your IdP login page (ADFS / Azure AD). After authenticating once, navigating from other registered applications should not prompt for credentials again.


Part 2 — Viewing and Adjusting Session Timeout

The session timeout controls how long a user remains logged into Evolve after a period of inactivity. There are three places where this is controlled:

Method A — Evolve Server Configurator (Recommended)

  1. Open CwEvolveServerConfigurator.exe on the Evolve server
  2. Navigate to: Security Settings → Session Timeout
  3. Change the value (in minutes). Recommended: 60
  4. Click Save and restart IIS: iisreset /restart

Method B — IIS Manager

  1. Open IIS Manager
  2. Navigate to: Application Pools → [Your Evolve App Pool]
  3. Click Advanced Settings
  4. Under Process Model → Idle Time-out (minutes)
  5. Set to 60 (or your preferred value)

Method C — web.config

  1. Locate: C:\inetpub\wwwroot\[EvolveApp]\web.config
  2. Find and update the sessionState element:
<system.web>
  <sessionState timeout="60" slidingExpiration="true" />
</system.web>
  1. After saving, restart IIS: iisreset /restart

Recommended Timeout Values

Environment Recommended Timeout
Development / Testing 480 minutes (8 hours)
Production (standard) 60 minutes
High-security production 20 minutes

Related Articles



📄  Download this article as PDF

⬇  Download PDF

Evolve-SAML2-SSO-Guide.pdf

Keywords: SSO, SAML2, single sign-on, session timeout, IIS, authentication, ADFS, Azure AD, Windows Authentication, Evolve, on-premises, Kentor, cross-application

 

Comments