saml-dev message

Subject: RE: [saml-dev] Cross domain session timeouts

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Cahill, Conor P'" <conor.p.cahill@intel.com>, <michael.mccormick@wellsfargo.com>, <saml-dev@lists.oasis-open.org>
Date: Tue, 9 Oct 2007 18:53:16 -0400

> 2. Allow IDP to transmit its session requirements to the SP as part of
> SAML metadata?
> (e.g., "send user back to me for reauthentication after 15 minutes of
> inactivity")
> 
> This is actually carried in the authentication assertion.  The
> SessionNotOnOrAfter attribute on the AuthnStatement is the place to put
> this.

No, that's for session lifetime, not idle timeout. There is no way to deal
with timeouts in SAML, it's not addressed at all.

-- Scott

Follow-Ups:
- RE: [saml-dev] Cross domain session timeouts
  - From: "Cahill, Conor P" <conor.p.cahill@intel.com>

References:
- Cross domain session timeouts
  - From: <michael.mccormick@wellsfargo.com>
- RE: [saml-dev] Cross domain session timeouts
  - From: "Cahill, Conor P" <conor.p.cahill@intel.com>