Possible to ignore AuthnStatement at SessionNotOnOrAfter ?
joel_emery@archibus.com
Joel_Emery at archibus.com
Fri Feb 14 11:13:46 EST 2014
Hi Guys,
My SP is federated with a big company's home-grown IdP. The IdP sets the same value for Conditions at NotOnOrAfter and AuthnStatement at SessionNotOnOrAfter. Since Conditions at NotOnOrAfter is set for 2 minutes the users of the protected resource see a lot of session timeouts.
The operators of the IdP do not want to change their code to allow setting a longer value for AuthnStatement at SessionNotOnOrAfter. Instead, they would just like Shibboleth to ignore AuthnStatement at SessionNotOnOrAfter altogether.
Is it possible, using just configuration changes, to ignore the AuthnStatement at SessionNotOnOrAfter value?
Joel Emery
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140214/2f06588e/attachment.html
More information about the users
mailing list