Subject: Re: [saml-dev] OneTimeUse Clarification
On 11/21/20, 2:41 PM, "Stefan Rasmusson" <rasmusson.stefan@gmail.com> wrote:

> Ok, could this for example be in the case of using SAML with web services? And then instead of allowing the sender to
> reuse a token for each request would force the sender to get a newly issued one for each request?

I guess.

> Interesting. Do you mean that implementations generally do not store the assertion id of received assertion and check
> incoming assertion for replay using this? Instead only relying on the NotAfter attributes?

People rarely cluster replay caches, they're per-node and simply hygiene. The main check is against IssueInstant and against the NotOnOrAfter in the SubjectConfirmation.

-- Scott
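The checks described in the reply above, as an added example that is not part of the original message or of any SAML implementation: time checks on IssueInstant and the SubjectConfirmation NotOnOrAfter run first, followed by a per-node assertion ID cache. The names `ReplayCache`, `accept`, `CLOCK_SKEW` and `MAX_AGE`, the tolerance values, and the sample assertion are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

CLOCK_SKEW = timedelta(minutes=3)   # assumed tolerance, not from the thread
MAX_AGE = timedelta(minutes=5)      # assumed limit on IssueInstant age

class ReplayCache:
    """In-memory cache of accepted assertion IDs, local to one node."""
    def __init__(self):
        self._seen = {}  # assertion ID -> time after which the entry can go

    def first_use(self, assertion_id, keep_until, now):
        # Entries past their validity window can never pass the time checks
        # again, so they are safe to drop.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if assertion_id in self._seen:
            return False
        self._seen[assertion_id] = keep_until
        return True

def accept(cache, assertion_id, issue_instant, not_on_or_after, now):
    """Time checks first (the main check), then the per-node ID cache."""
    if issue_instant > now + CLOCK_SKEW:
        return "reject: IssueInstant in the future"
    if now - issue_instant > MAX_AGE + CLOCK_SKEW:
        return "reject: IssueInstant too old"
    if now >= not_on_or_after + CLOCK_SKEW:
        return "reject: SubjectConfirmation NotOnOrAfter passed"
    if not cache.first_use(assertion_id, not_on_or_after + CLOCK_SKEW, now):
        return "reject: assertion ID already seen on this node"
    return "accept"

def demo():
    # Constructed sample values: one assertion, three unclustered nodes.
    t0 = datetime(2020, 11, 21, 20, 0, tzinfo=timezone.utc)
    expiry = t0 + timedelta(minutes=5)
    node_a, node_b, node_c = ReplayCache(), ReplayCache(), ReplayCache()
    at = lambda **kw: t0 + timedelta(**kw)
    return [
        accept(node_a, "_id1", t0, expiry, at(seconds=10)),  # first delivery
        accept(node_a, "_id1", t0, expiry, at(seconds=20)),  # same node again
        accept(node_b, "_id1", t0, expiry, at(seconds=30)),  # other node, cache empty
        accept(node_c, "_id1", t0, expiry, at(minutes=10)),  # outside time window
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third result shows why an unclustered cache is only hygiene: a node that never saw the ID accepts it, and the time window is what bounds reuse across nodes.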