SAML AuthInstant is after server time

Cantor, Scott cantor.2 at osu.edu
Thu Nov 20 09:44:58 EST 2014


On 11/20/14, 8:09 AM, "Peter Schober" <peter.schober at univie.ac.at> wrote:


>* Peter Schober <peter.schober at univie.ac.at> [2014-11-20 09:07]:
>> I just wonder why the IDP issues such assertions, with NotBefore full
>> 5 minutes later than the AuthnInstant. (Started a fresh browser
>> session, no session at IDP or SP.)
>
>The Assertion/@IssueInstant matches the Conditions/@NotBefore exactly.
>So where does the AuthnInstant value come from?

The time of the original authentication, or at least it should. I think 
Eric would have caught us on that if we were getting it wrong.

-- Scott


