This content has been marked as final.
Show 1 reply
-
1. Re: Difference between TokenTimeout and ClockSkew ?
pcraveiro Nov 6, 2013 3:47 PM (in response to claudio4j)Hi Claudio,
TokenTimeout is related with the expiration time of the assertion.
The ClockSkew is used during the validation of the assertion's expiration time, which will increase the tolerance window to consider an assertion as expired.
Eg.: If your token timout is set to 1000, your assertion will expire in 1sec. But if you define the clock skew as 1000, during the validation PL will tolerate assertions with a expiration time of 2sec (token timeout + clock skew).
This is specially useful when dealing with different servers (where your idps and sps reside) with time differences.
Regards.