saml-dev message



Subject: RE: [saml-dev] Cross domain session timeouts




> > 2. Allow IDP to transmit its session requirements to the SP as part of
> > SAML metadata?
> > (e.g., "send user back to me for reauthentication after 15 minutes of
> > inactivity")
> >
> > This is actually carried in the authentication assertion.  The
> > SessionNotOnOrAfter attribute on the AuthnStatement is the place to put
> > this.
>
> No, that's for session lifetime, not idle timeout. There is no way to deal
> with timeouts in SAML, it's not addressed at all.

Yeah... I just read the "send the user back to me for reauthentication after
15 minutes" (leaving off the "of inactivity" in my head).

Sorry.

Conor
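
The distinction drawn in this message, as an added example that is not part of the original post or of any SAML implementation: an SP reads SessionNotOnOrAfter from the AuthnStatement as an absolute session bound and enforces an idle timeout separately as its own policy. The function names, the 15-minute SP-local value and the sample AuthnStatement are assumptions constructed for illustration, and signature validation of the assertion is assumed to have happened already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"
IDLE_TIMEOUT = timedelta(minutes=15)  # assumed SP-local policy, not carried in SAML

# Constructed sample; a real SP parses this only after validating the signature.
SAMPLE = (
    '<saml:AuthnStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'AuthnInstant="2024-01-01T12:00:00Z" '
    'SessionNotOnOrAfter="2024-01-01T20:00:00Z"/>'
)


def session_not_on_or_after(xml_text):
    """Return the IdP's absolute session bound as an aware datetime, or None."""
    root = ET.fromstring(xml_text)
    stmt = next(root.iter(AUTHN_STATEMENT), None)
    if stmt is None:
        raise ValueError("no AuthnStatement found")
    raw = stmt.get("SessionNotOnOrAfter")
    if raw is None:
        return None  # the attribute is optional
    if not raw.endswith("Z"):
        raise ValueError("expected a UTC timestamp ending in Z")
    return datetime.fromisoformat(raw[:-1]).replace(tzinfo=timezone.utc)


def check_session(now, last_activity, not_on_or_after):
    """Return (still_valid, reason) for a local SP session."""
    # Absolute lifetime set by the IdP: expires even if the user is active.
    if not_on_or_after is not None and now >= not_on_or_after:
        return False, "idp-session-lifetime"
    # Inactivity is tracked and enforced by the SP on its own.
    if now - last_activity >= IDLE_TIMEOUT:
        return False, "sp-idle-timeout"
    return True, "ok"
```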

