0001-idp_saml2-set-sessionNotOnOrAfter-to-half-the-curren.patch
src/authentic2/idp/saml/saml2_endpoints.py | ||
---|---|---|
456 | 456 |
# Set SessionNotOnOrAfter to expiry date of the current session, so we are sure no session on |
457 | 457 |
# service providers can outlive the IdP session. |
458 | 458 |
expiry_date = request.session.get_expiry_date() |
459 |
assertion.authnStatement[0].sessionNotOnOrAfter = datetime_to_xs_datetime(expiry_date) |
|
459 |
session_not_on_or_after = now + (expiry_date - now) * 0.5 |
|
460 |
assertion.authnStatement[0].sessionNotOnOrAfter = datetime_to_xs_datetime(session_not_on_or_after) |
|
460 | 461 |
logger.debug('assertion building in progress %s', force_text(assertion.dump())) |
461 | 462 |
fill_assertion(request, login.request, assertion, login.remoteProviderId, nid_format) |
462 | 463 |
# Save federation and new session |
463 |
- |