  1. Sakai
  2. SAK-41298

Document maxAuthenticationAge property for SAML auth

    Details

    • Type: Task
    • Status: RESOLVED
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 19.1, 20.0 [Tentative]
    • Component/s: Login
    • Labels:
    • 19 status:
      Resolved

      Description

      For SAML auth the maxAuthenticationAge property controls how old an authentication assertion may be before it is no longer accepted.

      https://stackoverflow.com/questions/39927651/maxauthenticationage-in-webssoprofileconsumerimpl

      https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html

      By default this is 7200s (2 hours), which may be shorter than that configured on the IdP. Hence a user using SAML auth may get a login failure, with "Unable to process that login" and the xlogin page to log in with username and password.

      The maxAuthenticationAge property should be exposed in the sample SAML config files so that it's more visible for implementers.
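
      For diagnosing the failure described above, here is an added example (not code from Sakai or Spring Security SAML) that reads the AuthnInstant from an assertion and applies the age limit. The function names, the sample assertion, the timestamps and the 8-hour IdP session value are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DEFAULT_MAX_AUTHENTICATION_AGE = 7200  # seconds (2 hours), the default the issue cites

# Constructed sample: the user authenticated at the IdP at 08:00 UTC and the
# IdP reuses that session when the user reaches the SP three hours later.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-15T11:00:00Z">
  <saml:AuthnStatement AuthnInstant="2024-01-15T08:00:00Z"
                       SessionIndex="_constructed-session"/>
</saml:Assertion>
"""


def parse_instant(raw):
    """Parse a SAML xs:dateTime (UTC) into a timezone-aware datetime."""
    parsed = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_authentication_age(assertion_xml, now, max_age=DEFAULT_MAX_AUTHENTICATION_AGE):
    """Report, per AuthnStatement, whether AuthnInstant is within max_age seconds of now.

    Simplified model of the age rule only: no signature, condition or
    clock-skew handling, so use it for diagnosis, not as a validator.
    """
    root = ET.fromstring(assertion_xml.strip())
    report = []
    for stmt in root.iter("{%s}AuthnStatement" % ASSERTION_NS):
        instant = parse_instant(stmt.attrib["AuthnInstant"])
        age = int((now - instant).total_seconds())
        report.append({"authn_instant": instant.isoformat(),
                       "age_seconds": age,
                       "accepted": age <= max_age})
    return report


if __name__ == "__main__":
    now = datetime(2024, 1, 15, 11, 0, 0, tzinfo=timezone.utc)  # constructed "current" time
    # 28800 s = assumed 8-hour IdP session, used to show the raised limit.
    for max_age in (DEFAULT_MAX_AUTHENTICATION_AGE, 28800):
        for row in check_authentication_age(SAMPLE_ASSERTION, now, max_age):
            print(max_age, row)
```

      With the default limit the three-hour-old authentication is rejected; raising the limit to match the IdP session lifetime accepts it.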

                People

                • Assignee:
                  smarquard Stephen Marquard
                  Reporter:
                  smarquard Stephen Marquard