+xI'm not sure what you mean by the validity of the session ID or assertion ID. The SAML assertion has a limited validity period (usually a few minutes). It's used once and then discarded. Your local authentication session (ie the auto login that you application performs using information from the SAML assertion) usually is much longer. It's not clear to me how you would use the assertion ID to "auto logout from application if the same user is able to login in another browser". Could you provide more details regarding your requirements? How did you hope to implement these requirements? How did you want to use the assertion ID? What do you mean by checking if the assertion ID is valid for the user? What do you mean by the session ID? Thanks for Explaining about Assertion ID in Details. We have set the "Max Logins Per User" as 1. It means that one session can be created for a user and if user tried to login on another browser then that Old session will be terminated by IDP. So forgot about that Assertion ID. Can I check if the Session id associated in ISSOSessionStore is still valid or not? As I am using Distributed session management with the help of ISSOSessionStore. Please let me know for more info.
|