-
1. Re: SP Attribute Refresh
kirkm Jan 27, 2015 4:02 PM (in response to kirkm)
Does the PicketLink SP validate the session once it is established based on the NotOnOrAfter attribute?
-
2. Re: SP Attribute Refresh
pcraveiro Feb 21, 2015 9:43 AM (in response to kirkm)
Hey Kirk,
What PL does is check these time conditions when receiving a SAML Response from the IdP. If they are invalid, the SP will deny it and the session will not be established. This is performed only during the first request to the SP.
Once the user is authenticated and has a valid session on the SP, PL will never check the conditions again. The session timeout is defined in your web.xml and managed by the web container.
I would suggest you use short-lived assertions, valid just long enough to get users authenticated in your SPs.
Regards.
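
The behaviour described in the reply above, as an added sketch that is not part of the thread and is not PicketLink code: the assertion's time window is checked once at login, and afterwards only the container's idle timeout bounds the session. The function names, the clock-skew parameter, the reject-if-no-expiry policy and the sample assertion are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustration only). A real SP must
# verify the signature and use a hardened XML parser before trusting any field.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2015-01-27T16:00:00Z">
  <saml:Conditions NotBefore="2015-01-27T16:00:00Z"
                   NotOnOrAfter="2015-01-27T16:05:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a UTC SAML instant such as 2015-01-27T16:00:00Z."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def conditions_valid(assertion_xml, now, skew=timedelta(0)):
    """Login-time check: NotBefore - skew <= now < NotOnOrAfter + skew."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        return False  # assumed policy: reject assertions without an expiry
    not_before = cond.get("NotBefore")
    if not_before and now < parse_instant(not_before) - skew:
        return False
    return now < parse_instant(cond.get("NotOnOrAfter")) + skew


def session_alive(last_access, now, idle_timeout):
    """Container-style idle timeout, independent of the assertion."""
    return now - last_access < idle_timeout


if __name__ == "__main__":
    at = lambda h, m: datetime(2015, 1, 27, h, m, tzinfo=timezone.utc)
    print("login 16:04 accepted:", conditions_valid(SAMPLE_ASSERTION, at(16, 4)))
    print("login 16:30 accepted:", conditions_valid(SAMPLE_ASSERTION, at(16, 30)))
    # A session created at 16:04 and last used at 16:20 is still alive at 16:30
    # under a 30-minute idle timeout, although the assertion expired at 16:05.
    print("session at 16:30:", session_alive(at(16, 20), at(16, 30), timedelta(minutes=30)))
```

A short assertion lifetime therefore limits how long a captured response can be used to log in, while the session length is governed separately by the container timeout.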