Reauthentication
37 views
Skip to first unread message
wennhe...@gmail.com
Aug 20, 2015, 10:43:48 AM8/20/15
to simpleSAMLphp
Is it possible for the SP to do regular checks with the IdP that the user session is still active?
Tom Scavo
Aug 20, 2015, 11:07:09 AM8/20/15
to simpleSAMLphp
On Thu, Aug 20, 2015 at 10:43 AM, <wennhe...@gmail.com> wrote:
> Is it possible for the SP to do regular checks with the IdP that the user
> session is still active?
That's exactly what AuthnRequest/[@IsPassive] is for.
> Is it possible for the SP to do regular checks with the IdP that the user
> session is still active?
Tom
wennhe...@gmail.com
Aug 20, 2015, 1:29:17 PM8/20/15
to simpleSAMLphp
Ahh, I am using the onelogin library on one of our other apps to sync and found I can send isPassive param though.
The problem with this is that the session id changes and another X hours are added to the timeout.
Is this normal?
<saml:AuthnStatement AuthnInstant="2015-08-20T16:34:09Z"
SessionNotOnOrAfter="2015-08-21T00:39:49Z"
SessionIndex="_XXXXXXXXXXXXXXXXXXXXX"
>
Reply all
Reply to author
Forward
0 new messages