Sakai / SAK-41298

Document maxAuthenticationAge property for SAML auth

    Details

    • Type: Task
    • Status: RESOLVED
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 19.1, 20.0
    • Component/s: Login
    • Labels:
    • 19 status: Resolved

      Description

      For SAML auth the maxAuthenticationAge property controls how old an authentication assertion may be before it is no longer accepted.

      https://stackoverflow.com/questions/39927651/maxauthenticationage-in-webssoprofileconsumerimpl

      https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html

      By default this is 7200s (2 hours), which may be shorter than that configured on the IdP. Hence a user using SAML auth may get a login failure, with "Unable to process that login" and the xlogin page to log in with username and password.

      The maxAuthenticationAge property should be exposed in the sample SAML config files so that it's more visible for implementers.
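
A simplified model of the freshness check this property controls, as an added example that is not Sakai's or Spring Security SAML's own code: it reads AuthnInstant from a constructed assertion and shows a login being rejected under the 7200 s default when the IdP reuses an older session. The function names, the 60 s clock-skew allowance and the 28800 s value are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
DEFAULT_MAX_AUTH_AGE = 7200  # seconds (2 hours), the default described above

# Constructed sample: only the elements this check needs, unsigned.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" IssueInstant="2024-01-01T11:30:00Z" Version="2.0">
  <saml:AuthnStatement AuthnInstant="2024-01-01T08:00:00Z"/>
</saml:Assertion>"""


def authn_instant(assertion_xml):
    """Return AuthnInstant of the first AuthnStatement as an aware UTC datetime."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find(".//saml:AuthnStatement", SAML_NS)
    if stmt is None or "AuthnInstant" not in stmt.attrib:
        raise ValueError("no AuthnStatement/AuthnInstant in assertion")
    # SAML uses UTC xs:dateTime ("...Z"); fromisoformat wants an explicit offset.
    return datetime.fromisoformat(stmt.attrib["AuthnInstant"].replace("Z", "+00:00"))


def authn_fresh(instant, now, max_age=DEFAULT_MAX_AUTH_AGE, skew=60):
    """True if the IdP login is at most max_age (+skew) seconds old and
    not more than skew seconds in the future."""
    age = (now - instant).total_seconds()
    return -skew <= age <= max_age + skew


def demo():
    instant = authn_instant(SAMPLE_ASSERTION)
    # The IdP session is still valid after 3.5 hours, so the IdP issues a new
    # assertion (IssueInstant 11:30) that carries the original 08:00 AuthnInstant.
    now = instant + timedelta(hours=3, minutes=30)
    return {
        "default_7200": authn_fresh(instant, now),
        "raised_28800": authn_fresh(instant, now, max_age=28800),
    }


if __name__ == "__main__":
    print(demo())
```

The value chosen for the service provider should be at least the IdP's session lifetime, since the IdP keeps reporting the original AuthnInstant for as long as it reuses that session.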

      People

      Assignee: smarquard Stephen Marquard
      Reporter: smarquard Stephen Marquard