Subject: RE: [saml-dev] Cross domain session timeouts
Answers inline:

> Does SAML 2.0 provide any capabilities such as:
>
> 1. Prevent session idle timeout at IDP while user is browsing SP site? (keep-alive)

The best way to do this would be to do a re-authentication (e.g. do an additional authnrequest to the IdP to get an updated token). There are no other means provided.

> 2. Allow IDP to transmit its session requirements to the SP as part of SAML metadata?

This is actually carried in the authentication assertion. The SessionNotOnOrAfter attribute on the AuthnStatement is the place to put this.

> 3. Allow IDP or SP to register a different URI for session timeout than for a regular single logoff (SLO)?

I don't understand what you want to do here? SLO uses the reason code to indicate the reason for the ending of a session (so you could have a different reason code to differentiate timeout vs other reasons) but in either case, it means that the specified authn session should be ended (or not allowed to start if it is presented later).

Conor
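An added example, not part of the original message: one way an SP could honour the SessionNotOnOrAfter attribute mentioned in answer 2, by clamping its own session lifetime to the IdP's bound. It assumes the assertion has already passed signature and condition validation; the sample assertion, the function names and the local_max policy value are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (trimmed, unsigned), for illustration only.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2024-01-01T12:00:00Z">
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:00:00Z"
                       SessionIndex="_constructed-session"
                       SessionNotOnOrAfter="2024-01-01T12:30:00Z"/>
</saml:Assertion>
"""


def parse_saml_time(value):
    """Parse a SAML xs:dateTime, which must be expressed in UTC ('Z')."""
    if not value.endswith("Z"):
        raise ValueError("SAML time values must be UTC")
    return datetime.fromisoformat(value[:-1]).replace(tzinfo=timezone.utc)


def sp_session_expiry(assertion_xml, now, local_max=timedelta(hours=8)):
    """Return (expiry, session_index) for the SP's local session.

    local_max is a hypothetical SP policy value. The SP session never
    outlives the IdP's SessionNotOnOrAfter when the IdP supplies one.
    """
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", SAML_NS)
    if stmt is None:
        raise ValueError("assertion has no AuthnStatement")
    expiry = now + local_max
    bound = stmt.get("SessionNotOnOrAfter")
    if bound is not None:
        idp_bound = parse_saml_time(bound)
        if now >= idp_bound:
            # Presented too late: the session must not be allowed to start.
            raise ValueError("IdP session bound has already passed")
        expiry = min(expiry, idp_bound)
    # SessionIndex is what a later LogoutRequest will reference.
    return expiry, stmt.get("SessionIndex")
```

When the returned expiry is reached, the SP sends a fresh AuthnRequest to the IdP, as answer 1 describes, rather than extending the session on its own.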