
saml-dev message



Subject: NotOnOrAfter in SubjectConfirmationData and Conditions and SessionNotOnOrAfter


Hello,

In the SAML2 specification there are several places in an assertion where it is possible to specify a lifetime.

The <SubjectConfirmationData> element contains a NotOnOrAfter attribute.

The <Conditions> element contains a NotOnOrAfter attribute.

The <AuthnStatement> element contains a SessionNotOnOrAfter attribute.

What is the meaning of each of them? How do they relate to each other?

Specifically, which of them must be checked when...

... consuming an incoming Saml2Response using Web SSO

... establishing an application session in the SP

... refreshing (extending) an application session in the SP

... forwarding an assertion to a web service, to act on behalf of the subject

... issuing a single logout request to the idp, to ensure that the idp still knows of the session?

 

Best Regards,

Anders Abel

P.S. This question has been cross-posted to Stack Overflow at http://stackoverflow.com/q/29508906/280222


