SAML Assertion Validity - Max value

Article ID: 143543

Products

CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway

Issue/Introduction

This article addresses SAML token validity. When trying to configure a token validity of 4 hours for an application, the SAML token assertion does not allow more than one hour.

Cause

By default, the maximum SAML token validity that can be configured is one hour.

Environment

Release : 9.2

CA API Management Gateway

Resolution

1. Save/Export policy to an XML.

2. Edit the XML and increase the ConditionsNotBeforeSecondsInPast/ConditionsNotOnOrAfterExpirySeconds values to the needed value. Ex: 4 hrs.

3. Save the XML.

4. Import the Saved XML.

5. Verify the use case.
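
Steps 2 and 3 can be scripted so that only the named values change and the file is re-parsed before it is imported. This is an added example, not Broadcom's tooling: the `intValue` attribute, the namespace URIs and the sample policy are assumptions about the export format, so check them against your own exported file.

```python
import re
import xml.etree.ElementTree as ET

# Element names are the ones the article names. The attribute that holds the
# number of seconds (intValue) is an assumption about the export format.
FIELDS = ("ConditionsNotBeforeSecondsInPast", "ConditionsNotOnOrAfterExpirySeconds")
VALUE_ATTR = "intValue"

# Constructed sample, not a real exported policy.
SAMPLE_POLICY = """<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
  <wsp:All wsp:Usage="Required">
    <L7p:SamlIssuer>
      <L7p:ConditionsNotBeforeSecondsInPast intValue="120"/>
      <L7p:ConditionsNotOnOrAfterExpirySeconds intValue="300"/>
    </L7p:SamlIssuer>
  </wsp:All>
</wsp:Policy>"""

def read_validity(policy_xml):
    """Return [(field, seconds), ...] in document order; raises on malformed XML."""
    root = ET.fromstring(policy_xml)
    found = []
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the namespace part of the tag
        if name in FIELDS and VALUE_ATTR in el.attrib:
            found.append((name, int(el.attrib[VALUE_ATTR])))
    return found

def set_validity(policy_xml, seconds_by_field):
    """Rewrite only the named values, leaving the rest of the text untouched."""
    out = policy_xml
    for field, seconds in seconds_by_field.items():
        if field not in FIELDS or not isinstance(seconds, int) or seconds < 0:
            raise ValueError(f"bad setting: {field}={seconds!r}")
        pattern = re.compile(
            r'(<(?:[\w.-]+:)?%s\b[^>]*?\b%s=")\d+(")' % (field, VALUE_ATTR))
        out, count = pattern.subn(
            lambda m: m.group(1) + str(seconds) + m.group(2), out)
        if count == 0:
            raise ValueError(f"{field} not found in policy")
    read_validity(out)  # confirm the edited text is still well-formed XML
    return out

if __name__ == "__main__":
    edited = set_validity(
        SAMPLE_POLICY, {"ConditionsNotOnOrAfterExpirySeconds": 4 * 3600})
    for field, seconds in read_validity(edited):
        print(f"{field}: {seconds} s")
```

Running `read_validity` on the file before and after the edit gives a record of the old and new values to keep with the change.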

Additional Information

SAML Token Assertion documentation - https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/policy-assertions/assertion-palette/xml-security-assertions/create-saml-token-assertion.html