[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Cross domain session timeouts
> 2. Allow IDP to transmit its session requirements to the SP as part of > SAML metadata? > (e.g., "send user back to me for reauthentication after 15 minutes of > inactivity") > > This is actually carried in the authentication assertion. The > SessionNotOnOrAfter attribute on the AuthnStatement is the place to put > this. No, that's for session lifetime, not idle timeout. There is no way to deal with timeouts in SAML, it's not addressed at all. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]