has anybody an advice, how long a SAML Token should be valid (in a SOA infrastructure)? I thought of several (6-12) hours.
many thanks Markus
has anybody an advice, how long a SAML Token should be valid (in a SOA infrastructure)? I thought of several (6-12) hours.
many thanks Markus
It is generally a bad idea to have such a high lifetime for your tokens, because they can theoretically be "stolen" and reused. Token issuance should not be an especially timely affair, so I would recommend that you reauthenticate your users with the STS quite often, and only let your token "live" for a few minutes.