AnsweredAssumed Answered

Sessionnotonorafterin in Authnstatement

Question asked by brodginskicc on Dec 1, 2014
Latest reply on Dec 17, 2014 by jack.saunders


It appears the validity interval set in an SP object appears in the assertion in Conditions NotOnOrAfter, as well as in the AuthnStatement SessionNotOnOrAfter (see below)

 

I understand the use of NotOnOrAfter (to determine the age of the assertion and reject if it exceeds the validity interval), but what is it used for as SessionNotOnOrAfter in the Authnstatement?

 

<ns2:Conditions NotBefore="2014-12-01T20:00:41Z"

NotOnOrAfter="2014-12-01T20:02:41Z">

 

<ns2:AuthnStatement AuthnInstant="2014-12-01T20:01:10Z"

SessionIndex="kAMTaOkLxF3G9QyrU8GXZuz08z4=m2dwlg=="

SessionNotOnOrAfter="2014-12-01T20:02:41Z">

Outcomes