ITfoxtec/ITfoxtec.Identity.Saml2

Missing SAML configurable parameters ResponseSkew and MaxAuthenticationAge

fmaeseele opened this issue · 1 comments

Hi,

To be fully configurable and compliant, it would be great to be able to configure these two SAML parameters:

  • ResponseSkew: Maximum time between authentication of user and processing of an authentication statement (default is 7200s).
  • MaxAuthenticationAge: Tolerance applied for time comparisons between IDP clock and ServiceProvider system clock (default is 60s).

More documentation in Spring Security Framework:
https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html#time-interval

These two parameters are very useful when there are some differences between the IDP clock and the SAML Service Provider system clock, or also when the Azure IDP issues a SAML token valid for a few days.

Regards.
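Added example, not part of the original issue and not ITfoxtec.Identity.Saml2 or Spring code: a sketch of the two time checks the issue describes, a clock tolerance applied to the assertion's validity window and a maximum age for the authentication instant. The function and constant names are hypothetical, the timestamps are constructed, and the defaults are the 60s and 7200s figures quoted in the issue.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical names; the values are the defaults quoted in the issue.
CLOCK_TOLERANCE = timedelta(seconds=60)
MAX_AUTHN_AGE = timedelta(seconds=7200)


def _parse(ts):
    """Parse a UTC xs:dateTime without fractional seconds (assumption)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_times(not_before, not_on_or_after, authn_instant, now,
                tolerance=CLOCK_TOLERANCE, max_authn_age=MAX_AUTHN_AGE):
    """Return the list of time-validation failures (empty means accepted)."""
    nb, noa, ai = _parse(not_before), _parse(not_on_or_after), _parse(authn_instant)
    errors = []
    # Validity window, widened by the tolerance at both ends to absorb drift.
    if now + tolerance < nb:
        errors.append("assertion not yet valid")
    if now - tolerance >= noa:
        errors.append("assertion expired")
    # The authentication instant may not lie in the future beyond the tolerance
    if ai > now + tolerance:
        errors.append("AuthnInstant is in the future")
    # and may not be older than the configured maximum age.
    elif now - ai > max_authn_age + tolerance:
        errors.append("authentication too old")
    return errors


# Constructed sample: service provider clock at processing time.
NOW = _parse("2024-05-01T12:00:00Z")
# Constructed sample: IdP clock runs 45 seconds ahead of the service provider.
DRIFTED = ("2024-05-01T12:00:45Z", "2024-05-01T12:05:45Z", "2024-05-01T12:00:45Z")
# Constructed sample: fresh assertion for a user who signed in three hours ago.
OLD_LOGIN = ("2024-05-01T11:59:00Z", "2024-05-01T12:05:00Z", "2024-05-01T09:00:00Z")

if __name__ == "__main__":
    print(check_times(*DRIFTED, now=NOW))                         # accepted
    print(check_times(*DRIFTED, now=NOW, tolerance=timedelta(0)))  # rejected
    print(check_times(*OLD_LOGIN, now=NOW))                       # too old
    print(check_times(*OLD_LOGIN, now=NOW, max_authn_age=timedelta(days=3)))
```

Raising either value widens what the service provider accepts, so both are best kept as small as the deployment tolerates.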