Validating the IssueInstant parameter of a SAMLRequest

search cancel

Validating the IssueInstant parameter of a SAMLRequest

book

Article ID: 269999

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

Can Siteminder acting as IDP can validate IssueInstant parameter of a SAML Request?

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://_host" Destination="https://_host" ForceAuthn="false" ID="_xxxxxxxxxxxxxxxxxxxx" IssueInstant="2023-03-14T14:10:40Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" > <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://_sp.example.com</saml:Issuer> </samlp:AuthnRequest>

Environment

Release : All

Resolution

Evaluating the IssueInstant parameter is not a mandatory part of the SAML spec, and thus SiteMinder does not do so.

Additional Information

Enhancement requests (Ideas) can be submitted via the following process:
https://knowledge.broadcom.com/external/article?articleId=39337

Feedback

thumb_up Yes

thumb_down No