By: Praveen Srinivasan user 28 Apr 2021 at 1:09 a.m. CDT

1 Response
Praveen Srinivasan gravatar
Hi Team, I want to make sure that the session timeout on the SP should force re-authenticate user in a specific time limit. As I go through SAML flow I found that we can have `SessionNotOnOrAfter` attribute to make sure that the user is authenticated in that specific time. How to add `SessionNotOnOrAfter` attribute in saml assersion response? I could see some tickets that has `SessionNotOnOrAfter` work, but I couldn't find a way to enable `SessionNotOnOrAfter` attribute. Please guide how to add SessionNotOnOrAfter in assertion response.

By Michael Schwartz Account Admin 28 Apr 2021 at 10:43 a.m. CDT

Michael Schwartz gravatar
This is configurable in the Shib IDP. See: I'm not sure if this can be set at the server level, or it needs to be configured for each RP. If for each RP, you may need to do a custom template for that website.