Subject: Authentication SAML
Hello,

I’m wondering what is the best way to do the following: I’m using SAML for SSO and use AuthNRequest from my SP. In the response I get an assertion signed by the IdP, containing the details about the user’s authentication. But this assertion has <Conditions> that limit the time it is valid for: “NotBefore” and “NotOnOrAfter”.

Suppose this assertion expires but the user is still logged in at my SP; however, I need a new assertion just like the one I got when the user was authenticated at the IdP but for a new time, I mean, so that it hasn’t yet expired. How can I ask for this new assertion from my SP? Using what protocol?

And, if the user changes his credentials at the IdP and he never logs off from the SP (imagine he never gets a timeout, nor anything), how does SAML handle this? Will he have a valid session for all of his lifetime, or should he be forced to authenticate himself again at some time? In the end, does SAML play any part after a user changes his credentials?

Filipa Moura
Technical Architecture - Security
ALERT Life Sciences Computing, S.A.
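The validity window the message describes, checked in code. This is an added example, not part of the original post: the assertion is a constructed, unsigned sample, and the function name and the 60-second clock-skew allowance are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned; issuer, ID and times are invented).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a SAML xs:dateTime (UTC, usually with a trailing 'Z')."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        # SAML times are UTC; treat a missing zone as UTC.
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def conditions_status(assertion_xml, now, skew=timedelta(seconds=60)):
    """Classify an assertion's <Conditions> window at time `now`.

    Assumes the root element is the Assertion and that its signature
    has already been verified; this function checks time bounds only.
    """
    root = ET.fromstring(assertion_xml)
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        return "no-conditions"
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    # NotBefore is inclusive: the assertion is valid from that instant on.
    if not_before and now + skew < parse_instant(not_before):
        return "not-yet-valid"
    # NotOnOrAfter is exclusive: at that exact instant it is already expired.
    if not_on_or_after and now - skew >= parse_instant(not_on_or_after):
        return "expired"
    return "valid"


if __name__ == "__main__":
    print(conditions_status(SAMPLE_ASSERTION, datetime.now(timezone.utc)))
```
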