0001-idp_saml2-set-sessionNotOnOrAfter-to-half-the-curren.patch

Benjamin Dauvergne, 10 Sep 2021 04:55 PM


Subject: [PATCH] idp_saml2: set sessionNotOnOrAfter to half the current
 session duration (#56865)

 src/authentic2/idp/saml/saml2_endpoints.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
src/authentic2/idp/saml/saml2_endpoints.py
456 456
    # Set SessionNotOnOrAfter to expiry date of the current session, so we are sure no session on
457 457
    # service providers can outlive the IdP session.
458 458
    expiry_date = request.session.get_expiry_date()
459
    assertion.authnStatement[0].sessionNotOnOrAfter = datetime_to_xs_datetime(expiry_date)
459
    session_not_on_or_after = now + (expiry_date - now) * 0.5
460
    assertion.authnStatement[0].sessionNotOnOrAfter = datetime_to_xs_datetime(session_not_on_or_after)
460 461
    logger.debug('assertion building in progress %s', force_text(assertion.dump()))
461 462
    fill_assertion(request, login.request, assertion, login.remoteProviderId, nid_format)
462 463
    # Save federation and new session
463
-
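
Review bot: the comment kept as context at lines 456-457 still says SessionNotOnOrAfter is set to the expiry date of the current session, but new line 459 now sets it to the midpoint between `now` and `expiry_date`; update the comment to state the half-duration rule and the reason for it, so the stated guarantee matches the code. `now` is not defined anywhere in the visible lines, so confirm it is captured once before this computation and has the same timezone awareness as the value returned by `request.session.get_expiry_date()`, since subtracting a naive datetime from an aware one raises TypeError. The literal `0.5` would read better as a named constant or setting, and the diffstat lists a single file changed, so a test asserting the emitted sessionNotOnOrAfter value should accompany this change.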