
```xml
<Conditions NotBefore="2019-08-17T12:53:23.403Z" NotOnOrAfter="2019-08-17T13:58:23.503Z">
```

I want to refresh the NotOnOrAfter value whenever the time has expired. This value is part of the IDP SAML response. The refresh should happen between SP and IDP without interaction of the browser (which means I want to make a silent refresh in the background during any API call).

The issue I am facing is that whenever I contact the IDP, it redirects back to /saml/SSO. Due to this, my page is refreshing. But the same thing should happen without any redirections in the UI.

Please help me here.

  • Spring Security supports the SAML 2.0 `Web Browser SSO Profile`, and interaction between SP and IDP is not possible without the browser. But you can customize the code to ignore NotOnOrAfter or select a different expiration time. See [SAML assertion expiry vs Application session expiry](https://stackoverflow.com/questions/29954876). – Ritesh Aug 01 '20 at 04:38
  • Thanks for the response. But there is still a problem here. If I have to ignore NotOnOrAfter, it would be a security problem, because the SP would not know when a person has reset their password from another device until the SP makes a call to the IDP. If I consider NotOnOrAfter, a browser redirection happens every hour or at some particular time. That would be a bad user experience. Is there any chance of server-to-server calls between IDP and SP? My IDP is Azure AD. @Ritesh – Shiva Jaini Aug 01 '20 at 08:09
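
The trade-off discussed in the comments, as an added example that is not part of the original thread and is not Spring Security code: it checks the `<Conditions>` window from the question with a clock-skew allowance, then shows how the SP's choice of session-expiry policy decides when the next browser round trip to the IdP is forced. All function names, the 60-second skew and the 8-hour lifetime are assumptions made for illustration, and it assumes, as the question does, that the SP ends its session at NotOnOrAfter.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: the <Conditions> tag from the question, self-closed and
# given the SAML 2.0 assertion namespace so that it parses on its own.
SAMPLE = ('<Conditions xmlns="' + SAML_NS + '" '
          'NotBefore="2019-08-17T12:53:23.403Z" '
          'NotOnOrAfter="2019-08-17T13:58:23.503Z"/>')


def parse_instant(value):
    """Parse a UTC xs:dateTime ('Z' suffix), with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def conditions_window(xml_text):
    """Return (NotBefore, NotOnOrAfter); an absent attribute becomes None.

    Assumes the enclosing assertion's signature was already verified."""
    el = ET.fromstring(xml_text)
    if el.tag != "{%s}Conditions" % SAML_NS:
        raise ValueError("not a SAML 2.0 <Conditions> element")
    nb, noa = el.get("NotBefore"), el.get("NotOnOrAfter")
    return (parse_instant(nb) if nb else None,
            parse_instant(noa) if noa else None)


def is_valid_at(window, now, skew=timedelta(seconds=60)):
    """NotBefore is inclusive and NotOnOrAfter exclusive; skew absorbs clock drift."""
    nb, noa = window
    if nb is not None and now + skew < nb:
        return False
    return noa is None or now - skew < noa


def session_expiry(window, accepted_at, policy, lifetime=timedelta(hours=8)):
    """When the SP-side session must send the browser back to the IdP.

    'assertion': end the session at NotOnOrAfter (the behaviour in the question).
    'fixed':     ignore NotOnOrAfter after acceptance and use the SP's own
                 lifetime (hypothetical 8 h default), as the first comment suggests.
    """
    if policy == "assertion" and window[1] is not None:
        return window[1]
    if policy in ("assertion", "fixed"):
        return accepted_at + lifetime
    raise ValueError("unknown policy: %r" % policy)
```

Under the `fixed` policy the SP does not learn of a credential change at the IdP until its own lifetime runs out, which is the concern raised in the second comment.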

0 Answers