By: Praveen Srinivasan user 28 Apr 2021 at 1:09 a.m. CDT

1 Response
Hi Team, I want to make sure that the session timeout on the SP forces the user to re-authenticate within a specific time limit. As I went through the SAML flow, I found that we can have the `SessionNotOnOrAfter` attribute to make sure that the user is authenticated in that specific time. How do I add the `SessionNotOnOrAfter` attribute to the SAML assertion response? I could see some tickets that have `SessionNotOnOrAfter` work, but I couldn't find a way to enable the `SessionNotOnOrAfter` attribute. Please guide me on how to add `SessionNotOnOrAfter` to the assertion response.

By Michael Schwartz staff 28 Apr 2021 at 10:43 a.m. CDT

This is configurable in the Shib IDP. See: https://wiki.shibboleth.net/confluence/display/IDP4/ProfileConfiguration-SAML2SSO I'm not sure if this can be set at the server level, or if it needs to be configured for each RP. If for each RP, you may need to do a custom template for that website.
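
To confirm from the SP side that the IdP change took effect, the following added example (not from this ticket or from the Shibboleth project) reads `SessionNotOnOrAfter` from an assertion's `AuthnStatement` and decides whether the SP session must end. The sample assertion, the `idp.example.org` issuer and the function names are constructed for illustration, and the code assumes the assertion's signature has already been verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed); not output from a real IdP.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2021-04-28T06:00:00Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2021-04-28T06:00:00Z"
      SessionIndex="_constructed-session"
      SessionNotOnOrAfter="2021-04-28T14:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""

def parse_saml_time(value):
    """Parse a SAML xs:dateTime in UTC, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported SAML timestamp: {value!r}")

def session_deadline(assertion_xml):
    """Return the earliest SessionNotOnOrAfter in the assertion, or None if absent.

    Assumes the caller has already verified the assertion's signature."""
    root = ET.fromstring(assertion_xml)
    deadlines = [
        parse_saml_time(stmt.get("SessionNotOnOrAfter"))
        for stmt in root.iterfind(".//saml:AuthnStatement", NS)
        if stmt.get("SessionNotOnOrAfter")
    ]
    return min(deadlines) if deadlines else None

def must_reauthenticate(assertion_xml, now):
    """True when the SP session must end: 'not on or after' means now >= deadline."""
    deadline = session_deadline(assertion_xml)
    if deadline is None:
        return False  # IdP sent no bound; only the SP's own timeout policy applies
    return now >= deadline
```

A `None` result from `session_deadline` on a freshly issued assertion indicates the IdP is still not emitting the attribute for that RP.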