is there any way to set a "global" session timeout?
Not only for user inactivity but for all users even if they are working!
(I know, this look like a stupid question, but the customer asked it for security reason).
Found the solution (thanks to Support). Sharing it for who is interested:
Within Splunk all user session timeouts are the result of inactivity, so we effectively only close sessions if they exceed the configured idle time and we provide no mechanism to force sessions to expire/terminate.
However, while it's not a supported feature we do track session tokens, so you could fashion your own solution to delete specific tokens (authentication/httpauth-tokens):
As mentioned above we provide no official mechanism for doing this, but you should be able to use the above to achieve the same result.
Alternatively, since you have CA-Siteminder you should be able to enforce session time limits, through WebAgent-OnAuthAccept-Session-MaxTimeout for example - just note that I am not overly familiar with CA-Siteminder so can't advise on how this should be configured.