shibboleth-dev - Re: NotOnOrAfter property of SAML
Subject: Shibboleth Developers
List archive
- From: "Tom Scavo" <>
- To:
- Subject: Re: NotOnOrAfter property of SAML
- Date: Thu, 30 Nov 2006 08:46:34 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Y0fndTjbCsZemf3Lg01HC7ICxduHAdtHq/Lz1pt/VnNxP2cYl45egKCfE0+hZYvX0adMCuJQii1CAorl3JX3lRuq6mEFHOA2Uuta6I9x3ydsMniGLjaTBUZ8io/vdrz0rUZXcmLJRbBgkYZwayr6OttqCxPm+MPwAZsKg7ehh5w=
On 11/30/06, Kang Tang
<>
wrote:
I am wondering whether NotOnOrAfter property of a SAML assertion from
Shibboleth IdP, which I believe indicate the expiring time of SAML
assertion, is configurable or not?
No, it's not. The short lifetime of the bearer assertion is a
requirement of the browser profile. See the SAML V1.1 Bindings
specification:
http://www.oasis-open.org/committees/download.php/3405/oasis-sstc-saml-bindings-1.1.pdf
It seems like it's 5 minutes by default?
Correct. This is not configurable.
Tom
- ProtectNetwork privacy controls, Tom Scavo, 11/28/2006
- Re: ProtectNetwork privacy controls, RL 'Bob' Morgan, 11/28/2006
- Re: ProtectNetwork privacy controls--rhetorical question, Nathan Dors, 11/28/2006
- Re: ProtectNetwork privacy controls--rhetorical question, Tom Scavo, 11/28/2006
- NotOnOrAfter property of SAML, Kang Tang, 11/30/2006
- Re: NotOnOrAfter property of SAML, Tom Scavo, 11/30/2006
- NotOnOrAfter property of SAML, Kang Tang, 11/30/2006
- Re: ProtectNetwork privacy controls--rhetorical question, Thomas Lenggenhager, 11/30/2006
- Re: ProtectNetwork privacy controls--rhetorical question, Tom Scavo, 11/28/2006
- Re: ProtectNetwork privacy controls, Thomas Lenggenhager, 11/30/2006
- Re: ProtectNetwork privacy controls--rhetorical question, Nathan Dors, 11/28/2006
- Re: ProtectNetwork privacy controls, RL 'Bob' Morgan, 11/28/2006
Archive powered by MHonArc 2.6.16.