diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index edf1137c2..9d0d3b0a3 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -42,6 +42,8 @@ import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; +import javax.persistence.PrePersist; +import javax.persistence.PreUpdate; import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; @@ -65,6 +67,11 @@ import org.springframework.security.oauth2.provider.ClientDetails; }) public class ClientDetailsEntity implements ClientDetails { + /** + * + */ + private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600; + private static final long serialVersionUID = -1617727085733786296L; private Long id; @@ -213,6 +220,15 @@ public class ClientDetailsEntity implements ClientDetails { } + @PrePersist + @PreUpdate + private void prePersist() { + // make sure that ID tokens always time out, default to 5 minutes + if (getIdTokenValiditySeconds() == null) { + setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS); + } + } + /** * @return the id */ @@ -270,6 +286,8 @@ public class ClientDetailsEntity implements ClientDetails { } /** + * Number of seconds ID token is valid for. MUST be a positive integer, can not be null. + * * @return the idTokenValiditySeconds */ @Basic diff --git a/openid-connect-server/src/main/webapp/resources/js/client.js b/openid-connect-server/src/main/webapp/resources/js/client.js index 1e0c4b5e2..11706e556 100644 --- a/openid-connect-server/src/main/webapp/resources/js/client.js +++ b/openid-connect-server/src/main/webapp/resources/js/client.js 
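Review bot: The Javadoc block added above `DEFAULT_ID_TOKEN_VALIDITY_SECONDS` is empty, and the value 600 is ten minutes while the comment in the `prePersist()` hunk further down says "default to 5 minutes". One of the two should change so the default ID token lifetime is unambiguous. If ten minutes is intended, fill the Javadoc with `/** Default ID token lifetime in seconds (10 minutes), applied when a client has none configured. */` and correct the inline comment to match. If five minutes was intended, the constant should be `300`.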
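Review bot: `prePersist()` replaces only a `null` lifetime, so a client saved with `0` or a negative `idTokenValiditySeconds` still passes, although the getter Javadoc added in the last hunk of this file says the value MUST be a positive integer. Widening the guard enforces that rule at the persistence boundary instead of relying on the admin form: `Integer v = getIdTokenValiditySeconds();` followed by `if (v == null || v <= 0) {`. How the token service treats a non-positive lifetime is not visible here, so confirm whether it yields an already-expired token or one with no expiry. The callback also runs only on persist and update, so rows stored earlier with `null` presumably keep that value until their next save; a null-safe read where the token is issued, or a data migration, would cover those.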
@@ -293,11 +293,6 @@ var ClientFormView = Backbone.View.extend({ $("#access-token-timeout-unit", this.$el).prop('disabled',!$("#access-token-timeout-unit", this.$el).prop('disabled')); document.getElementById("access-token-timeout-time").value = ''; }, - "click #disableIDTokenTimeout" : function() { - $("#id-token-timeout-time", this.$el).prop('disabled',!$("#id-token-timeout-time", this.$el).prop('disabled')); - $("#id-token-timeout-unit", this.$el).prop('disabled',!$("#id-token-timeout-unit", this.$el).prop('disabled')); - document.getElementById("id-token-timeout-time").value = ''; - }, "click #disableRefreshTokenTimeout" : function() { $("#refresh-token-timeout-time", this.$el).prop('disabled',!$("#refresh-token-timeout-time", this.$el).prop('disabled')); $("#refresh-token-timeout-unit", this.$el).prop('disabled',!$("#refresh-token-timeout-unit", this.$el).prop('disabled')); @@ -473,10 +468,7 @@ var ClientFormView = Backbone.View.extend({ accessTokenValiditySeconds = this.getFormTokenNumberValue($('#accessTokenValidityTime input[type=text]').val(), $('#accessTokenValidityTime select').val()); } - var idTokenValiditySeconds = null; - if (!$('disableIDTokenTimeout').is(':checked')) { - idTokenValiditySeconds = this.getFormTokenNumberValue($('#idTokenValidityTime input[type=text]').val(), $('#idTokenValidityTime select').val()); - } + var idTokenValiditySeconds = this.getFormTokenNumberValue($('#idTokenValidityTime input[type=text]').val(), $('#idTokenValidityTime select').val()); var refreshTokenValiditySeconds = null; if ($('#allowRefresh').is(':checked')) { @@ -542,10 +534,6 @@ var ClientFormView = Backbone.View.extend({ attrs["refreshTokenValiditySeconds"] = null; } - if ($('#disableIDTokenTimeout').is(':checked')) { - attrs["idTokenValiditySeconds"] = null; - } - if ($('#disableAccessTokenTimeout').is(':checked')) { attrs["accessTokenValiditySeconds"] = null; } 
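Review bot: With the checkbox gone, `idTokenValiditySeconds` in the `-473` hunk is always whatever `getFormTokenNumberValue` returns for the text field, and that helper's handling of an empty, zero or non-numeric entry is not visible here. If it can return `null`, the server-side default applies silently and the saved client shows a lifetime the administrator never typed; if it can return `0` or `NaN`, that value is sent to the server as-is. Consider rejecting a missing or non-positive value in the form before the model is saved. Treat this only as a usability check, since the API must enforce the same rule itself.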
@@ -661,11 +649,6 @@ var ClientFormView = Backbone.View.extend({ $("#refresh-token-timeout-unit", this.$el).prop('disabled',true); } - if (this.model.get("idTokenValiditySeconds") == null) { - $("#id-token-timeout-time", this.$el).prop('disabled',true); - $("#id-token-timeout-unit", this.$el).prop('disabled',true); - } - // toggle other dynamic fields this.toggleRequireClientSecret(); this.previewLogo(); diff --git a/openid-connect-server/src/main/webapp/resources/template/client.html b/openid-connect-server/src/main/webapp/resources/template/client.html index 76b1be0ce..10b506a75 100644 --- a/openid-connect-server/src/main/webapp/resources/template/client.html +++ b/openid-connect-server/src/main/webapp/resources/template/client.html @@ -377,14 +377,9 @@
-
- -
-
- - +