
saml-dev message



Subject: Re: Clock Synchronization between IDP and SP


I figured the SAML response is totally based on the IDP clock. This means that there should be an explicit way to achieve clock synchronization between the IDP and SP.

Is there a standard way to achieve this?

Thanks.
Siddhartha

2009/3/30 Siddhartha Purkayastha <kpsiddharth@gmail.com>
Hello All,

I have been trying to find references on how IssueInstant of the SAML request and validity period of the assertion are synchronized, given that the 2 are generated in 2 different environments. I understand that the SP and IDP clocks need to be synchronized for security reasons, such as reuse of stolen assertions, etc.

However, I wanted to ask a more specific question. Given a SAML request, does the IDP generate the validity period relative to the IssueInstant provided to it by the SP or is it based on its own system clock?

It would be great if someone could point me to documentation/specs on the above.

Thanks,
Siddhartha
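
Added example, not part of the original messages and not taken from the SAML specifications or any product: a sketch of an SP judging an assertion's validity period against its own clock when the timestamps were written by the IdP clock. The function names, the `allowed_skew` parameter and the sample assertion are assumptions constructed for illustration, and signature verification is assumed to have happened already.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: timestamps as an IdP would write them from its own clock.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2009-03-30T10:00:00Z">
  <saml:Conditions NotBefore="2009-03-30T10:00:00Z"
                   NotOnOrAfter="2009-03-30T10:05:00Z"/>
</saml:Assertion>
"""

def parse_instant(value):
    """Parse a UTC dateTime such as 2009-03-30T10:00:00Z (fraction optional)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_validity(assertion_xml, sp_now, allowed_skew=timedelta(0)):
    """Return 'valid', 'not_yet_valid' or 'expired' as judged by the SP clock.

    allowed_skew (hypothetical parameter) widens the window on both sides to
    absorb drift between the IdP and SP clocks.
    """
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions element")
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # SP clock running behind the IdP: the assertion looks like it is from the future.
    if not_before and sp_now + allowed_skew < parse_instant(not_before):
        return "not_yet_valid"
    # NotOnOrAfter is exclusive: the assertion is expired at that exact instant.
    if not_on_or_after and sp_now - allowed_skew >= parse_instant(not_on_or_after):
        return "expired"
    return "valid"
```

Every second of `allowed_skew` also extends the time during which a captured assertion would still be accepted, so the tolerance trades off against how closely the two clocks are kept in step.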


