How long should a SAML Token be valid
https://stackoverflow.com/questions/2176573
-
24-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
has anybody an advice, how long a SAML Token should be valid (in a SOA infrastructure)? I thought of several (6-12) hours.
many thanks Markus
Solution
It is generally a bad idea to have such a high lifetime for your tokens, because they can theoretically be "stolen" and reused. Token issuance should not be an especially timely affair, so I would recommend that you reauthenticate your users with the STS quite often, and only let your token "live" for a few minutes.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
