List: shibboleth-users
Subject: Re: reuse condition vs. maximumTimeSinceAuthn
From: "Cantor, Scott via users" <users () shibboleth ! net>
Date: 2024-03-20 13:28:17
Message-ID: 9EA1E5DD-D758-4DAC-BAFF-5C8E90132210 () osu ! edu
> But that would be plan b, since maximumTimeSinceAuthn sounds exactly like what I
> need.
It's not, that's a SAML proxy setting equivalent to the same setting in the SP (as the IdP is operating as one when it proxies). It controls validation based on the AuthnInstant in the assertion.
There is, in point of fact, no such thing in the IdP as a "session lifetime", only sliding windows based on inactivity. The relevant setting is the authentication flow result lifetime (or timeout), which the reuseCondition overrides/supplements, and that's not at the session level, it's at the individual flow result level.
-- Scott