[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Clock Synchronization bwtween IDP and SP
I have been trying to find references on how IssueInstant of the SAML request and validity period of the assertion are synchronized, given that the 2 are generated in 2 different environments. I understand that the SP and IDP clocks need to be synchronized for security reasons as reuse of stolen assertions etc.
However, I wanted to ask a more specific question. Given a SAML request, does the IDP generate the validity period relative to the IssueInstant provided to it by the SP or is it based on its own system clock?
It would be great if someone could point me to documentation/specs on the above.