[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Cross domain session timeouts
> > 2. Allow IDP to transmit its session requirements to the SP as part of > > SAML metadata? > > (e.g., "send user back to me for reauthentication after 15 minutes of > > inactivity") > > > > This is actually carried in the authentication assertion. The > > SessionNotOnOrAfter attribute on the AuthnStatement is the place to put > > this. > > No, that's for session lifetime, not idle timeout. There is no way to deal > with timeouts in SAML, it's not addressed at all. Yeah... I just read the "send the user back to me for reauthentication after 15 minutes" (leaving off the "of inactivity" in my head). Sorry. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]