Skip to content
This repository has been archived by the owner on Nov 29, 2022. It is now read-only.

SES-4: Make sessions expire according to the session notOnOrAfter in the SAML response message #25

Closed
spring-projects-issues opened this issue Aug 25, 2009 · 1 comment
Closed

SES-4: Make sessions expire according to the session notOnOrAfter in the SAML response message #25

spring-projects-issues opened this issue Aug 25, 2009 · 1 comment
Labels
in: core An issue in spring-security-saml-core type: jira An issue that was migrated from JIRA
Milestone
saml-1.0.0.RC1

Comments

@spring-projects-issues
Copy link

Mandus Elfving (Migrated from SES-4) said:

Add functionality to end a users session and make him/her reauthenticate with the IDP when the session expires according to the session notOnOrAfter in the SAML response message.
@spring-projects-issues
Copy link
Author

Vladimir Schäfer said:

Optional value sessionNotOnOrAfter from authenication statements in the assertion is now taken into account during creation of user's session. Authentication object automatically expires on sessionNotOnOrAfter (if present) and thus forces user to reauthenticate with IDP.

@spring-projects-issues spring-projects-issues added in: core An issue in spring-security-saml-core Closed type: jira An issue that was migrated from JIRA labels Feb 5, 2016
@SanthoshEnricher SanthoshEnricher mentioned this issue Sep 14, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
in: core An issue in spring-security-saml-core type: jira An issue that was migrated from JIRA
Milestone
saml-1.0.0.RC1
Development

No branches or pull requests
1 participant
@spring-projects-issues