To: "saml-dev@lists.oasis-open.org" <saml-dev@lists.oasis-open.org>
Date: Thu, 10 Apr 2014 06:14:03 -0700 (PDT)
I understand that when HTTP POST binding is used to deliver the Response, SP's have to make sure that during one assertion's validity time, a second assertion with the same ID as the first one is not acceptable for bearer assertions.
Is it valid for an IDP to deliver an assertion (say assertion2) with the same assertion ID as a previously delivered assertion (say assertion1) after the first assertion's validity period ends?