Shibboleth SP Conditions Rule to assert NotBefore and NotOnOrAfter

Mak, Steve makst at upenn.edu
Thu Jan 28 18:00:31 UTC 2021


Prasanth,

Are you trying to force a new user session using that attribute?

If so, that's not what that attribute is used for. It's used for defining the validity window of a SAML response/assertion.

If the SP is retaining a valid user session for longer than you like, that's in the Shib SP settings for session duration.

On 1/28/21, 12:16, "users on behalf of Kalluru, Prasanth (ELS-LON)" <users-bounces at shibboleth.net on behalf of p.kumar.13 at elsevier.com> wrote:

    Thanks Scott,

    Is the SP granting access because of NotOnOrAfter still present in the SAML response?

    What kind of enforcement/check does this PolicyRule make in the SP?

    <PolicyRule type="Conditions">
        <PolicyRule type="Audience"/>
    </PolicyRule>
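
As an added illustration (not part of the thread and not Shibboleth SP code), this sketch evaluates an assertion's Conditions window once, at the time the response is consumed, and tracks session expiry separately from it. The sample assertion, the entity ID, the clock-skew allowance and the session lifetime are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (not from the thread); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2021-01-28T17:55:00Z" NotOnOrAfter="2021-01-28T18:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML instants are UTC xs:dateTime values; fractional seconds are not handled here.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_conditions(xml_text, now, entity_id, skew=timedelta(seconds=180)):
    """Return (ok, reason) for one assertion's Conditions, evaluated at time `now`."""
    cond = ET.fromstring(xml_text).find("saml:Conditions", NS)
    if cond is None:
        return True, "no conditions"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    # The window is widened by the skew allowance (assumed value) on both ends.
    if nb and now + skew < _ts(nb):
        return False, "not yet valid"
    if noa and now - skew >= _ts(noa):
        return False, "expired"
    # Every AudienceRestriction present must name this SP.
    for restriction in cond.findall("saml:AudienceRestriction", NS):
        audiences = [(a.text or "").strip() for a in restriction.findall("saml:Audience", NS)]
        if entity_id not in audiences:
            return False, "audience mismatch"
    return True, "valid"

def session_active(created, now, lifetime=timedelta(hours=8)):
    """Session expiry runs from session creation, not from NotOnOrAfter."""
    return now - created < lifetime
```

A session created while the assertion was valid stays active after NotOnOrAfter has passed, which is why shortening the assertion window does not shorten the session.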


