Subject: Re: [saml-dev] OneTimeUse Clarification
On 11/21/20, 2:41 PM, "Stefan Rasmusson" <rasmusson.stefan@gmail.com> wrote:
> Ok, could this for example be in the case of using SAML with web services? And then instead of allowing the sender to
> reuse a token for each request would force the sender to get a newly issued one for each request?
I guess.
> Interesting. Do you mean that implementations generally do not store the assertion id of received assertion and check
> incoming assertion for replay using this? Instead only relying on the NotAfter attributes?
People rarely cluster replay caches, they're per-node and simply hygiene. The main check is against IssueInstant and against the NotOnOrAfter in the SubjectConfirmation.
-- Scott
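
The checks described in the reply above, sketched as an added example (not code from this thread or from any SAML implementation): the IssueInstant and SubjectConfirmation NotOnOrAfter checks do the main work, and a per-node in-memory ID cache adds hygiene. The names `ReplayCache` and `accept_assertion` and the `SKEW` and `MAX_AGE` values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

SKEW = timedelta(minutes=3)     # assumed clock-skew allowance
MAX_AGE = timedelta(minutes=5)  # assumed limit on IssueInstant age


class ReplayCache:
    """Per-node, in-memory cache of assertion IDs (not shared across a cluster)."""

    def __init__(self):
        self._seen = {}  # assertion ID -> time after which the entry can be dropped

    def check_and_store(self, assertion_id, expires, now):
        # Drop entries whose assertions would already fail the time checks.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if assertion_id in self._seen:
            return False
        self._seen[assertion_id] = expires
        return True


def accept_assertion(assertion_id, issue_instant, not_on_or_after, cache, now=None):
    """Return (accepted, reason) for one received assertion."""
    now = now or datetime.now(timezone.utc)
    # Main check: IssueInstant must be recent and not in the future.
    if issue_instant > now + SKEW:
        return False, "IssueInstant in the future"
    if now - issue_instant > MAX_AGE + SKEW:
        return False, "IssueInstant too old"
    # Main check: NotOnOrAfter from the SubjectConfirmation must not have passed.
    if now >= not_on_or_after + SKEW:
        return False, "NotOnOrAfter passed"
    # Hygiene: reject an ID this node has already accepted inside the window.
    if not cache.check_and_store(assertion_id, not_on_or_after + SKEW, now):
        return False, "replayed assertion ID"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real assertion.
    t0 = datetime(2020, 11, 21, 14, 41, tzinfo=timezone.utc)
    node_a, node_b = ReplayCache(), ReplayCache()
    args = ("_constructed-id-1", t0, t0 + timedelta(minutes=5))
    print(accept_assertion(*args, node_a, now=t0 + timedelta(minutes=1)))
    print(accept_assertion(*args, node_a, now=t0 + timedelta(minutes=2)))
    print(accept_assertion(*args, node_b, now=t0 + timedelta(minutes=2)))
    print(accept_assertion(*args, node_b, now=t0 + timedelta(minutes=10)))
```

The third call shows why an unclustered cache is only hygiene: a second node with its own cache accepts the same ID, and only the time checks bound how long that remains possible.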