I have SAML auth set up with Okta, but do not have a specific value set for JWT expiration
Yes the default is true, also tried adding that as explicitly, did not change anything.
I understand there might be some setting on Okta side to increase the expiration on the token.
Is there any setting on SG which refreshes/updates the token after every hour?
If the session expires, you should be redirected to Okta to login again. If you do have a valid session on the Okta side of things, this should happen more or less transparently - meaning you should be redirected back to Kibana with a valid token.
Other than that there’s no other setting I can think of.
Sorry for the late reply, I got caught up by the Kibana 7.2 release.
But yes, I did test it with SAML and in my test the plugin behaved as expected.
Meaning - if there is an expiration set in the response from the Identity Provider (Okta in your case), this value is respected and after the expiration, the plugin logs you out and redirects back to the Identity Provider.
If there is no expiration set, the values in Kibana.yml are used.
So unfortunately at the moment there is no way to override the expiration from the Identity Provider.
I don’t really know Okta in detail, but hopefully they’ll let you edit the expiration settings?