Google SAML assertion expiration time

Question

How much time is SAML assertion valid, after I got a successful response to my callback url?

My use case: I want to be able to send requests to a 3rd party web sever from my web server, and I would like to authenticate my user using this SAML assertion. That's why I ask about its expiration time.

[SAML-2.0 - NotOnOrAfter in SubjectConfirmationData and Conditions and SessionNotOnOrAfter](https://stackoverflow.com/questions/29508906/notonorafter-in-subjectconfirmationdata-and-conditions-and-sessionnotonorafter) — Akshay G, Aug 08 '22 at 15:27

score 0 · Answer 1 · answered Aug 04 '22 at 23:26

0

The assertion should have a NotBefore and NotAfter to give you the validity period. if it does not your application should enforce a maximum time range

answered Aug 04 '22 at 23:26

Timothy Legge

459
1
4
5

Google SAML assertion expiration time

1 Answers1