Minimize SAML notBefore or notOnOrAfter constraint duration [Updated in Security Center 1.3 and 1.5]
- Updated Jan 30, 2025
- Yokohama
- Platform Security
Configure this property to add a grace period in which SAML requests and responses are considered valid.
The property value is the number of seconds added to the NotBefore and NotOnOrAfter constraints to account for time differences between the Identity Provider (IdP) clock and the Service Provider (SP) clock. These constraints defend against replay attacks by denying requests that aren’t made within the specified time frame. A larger value also lengthens the period in which a captured message can be replayed, so keep it no larger than the clock difference requires. If the IdP and SP clocks differ significantly, network latency can push a SAML request outside the time frame, and the request is rejected as unauthorized.
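The effect of the grace period on the two constraints, as an added example (not ServiceNow code): `check_conditions` and its `skew_seconds` parameter are hypothetical names standing in for the property, and the assertion and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an assertion reduced to its Conditions, valid for 5 minutes.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Conditions NotBefore="2025-01-30T12:00:00Z" NotOnOrAfter="2025-01-30T12:05:00Z"/>'
    "</saml:Assertion>"
)
# Constructed clock readings on the SP side.
SP_CLOCK_BEHIND = datetime(2025, 1, 30, 11, 59, 30, tzinfo=timezone.utc)  # SP 30 s behind IdP
REPLAY_TIME = datetime(2025, 1, 30, 12, 9, 0, tzinfo=timezone.utc)        # 4 min after expiry


def _instant(value):
    # SAML instants are UTC xs:dateTime strings ending in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_conditions(assertion_xml, now, skew_seconds=0):
    """Return (ok, reason); the window is widened by skew_seconds at both ends."""
    if skew_seconds < 0:
        raise ValueError("skew_seconds must be non-negative")
    # A real SP verifies the XML signature before trusting these attributes.
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element"  # assumption: fail closed
    skew = timedelta(seconds=skew_seconds)
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now < _instant(not_before) - skew:
        return False, "not yet valid"
    if not_on_or_after and now >= _instant(not_on_or_after) + skew:
        return False, "expired"
    return True, "within window"


if __name__ == "__main__":
    for skew in (0, 60, 300):
        print(skew,
              check_conditions(SAMPLE_ASSERTION, SP_CLOCK_BEHIND, skew),
              check_conditions(SAMPLE_ASSERTION, REPLAY_TIME, skew))
```

With a 60-second grace period the SP whose clock runs 30 seconds behind accepts the fresh assertion and still rejects the one presented four minutes after expiry; at 300 seconds the stale assertion is accepted as well.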