OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Authentication SAML


I’m wondering what is best way to do the following:


I’m using SAML for SSO and use AuthNRequest from my SP. In the response I get an assertion signed by the IdP, containing the details about the user’s authentication. But this assertion has <Conditions> that limit the time it is valid for “NotBefore” and “NotOnOrAfter”. Suppose this assertion expires but the user is still logged in at my SP, however I need a new assertion just like the one I got when the user was authenticated at the IdP but for a new time, I mean, so that it hasn’t yet expired.


How can I ask this new assertion from my SP? Using what protocol?


And, if the user changes his credentials at the IdP and he never logs off from the SP (imagine he never gets timeout, nor anything) how does SAML handle this? He will have a valid session for all of his lifetime or should he be forced to authenticate himself again at some time? In the end, does SAML play any part after a user changes his credentials ?


Filipa Moura

Technical Architecture - Security



ALERT Life Sciences Computing, S.A.
Arrábida Lake Towers
Rua Daciano Baptista Marques, 245
4400-617 V. N. Gaia
Tel.: +351 22 832 89 80
Fax.: +351 22 832 89 82
Tlm.: +351 96 739 31 73


This e-mail is privileged, confidential and contains private information. Any reading, retention, distribution or copying of this communication by any person other than its intended recipient is prohibited.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]