tags:

views:

44

answers:

1

has anybody an advice, how long a SAML Token should be valid (in a SOA infrastructure)? I thought of several (6-12) hours.

many thanks Markus

+2  A: 

It is generally a bad idea to have such a high lifetime for your tokens, because they can theoretically be "stolen" and reused. Token issuance should not be an especially timely affair, so I would recommend that you reauthenticate your users with the STS quite often, and only let your token "live" for a few minutes.

klausbyskov