OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] OneTimeUse Clarification

On 11/21/20, 2:41 PM, "Stefan Rasmusson" <rasmusson.stefan@gmail.com> wrote:

>    Ok, could this for example be in the case of using SAML with web services? And then instead of allowing the sender to
> reuse a token for each request would force the sender to get a newly issued one for each request?

I guess.

>    Interesting. Do you mean that implementations generally do not store the assertion id of received assertion and check
> incoming assertion for replay using this? Instead only relying on the NotAfter attributes?

People rarely cluster replay caches, they're per-node and simply hygiene. The main check is against IssueInstant and against the NotOnOrAfter in the SubjectConfirmation.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]