Univention Bugzilla – Bug 52323
Make SAML Assertion lifetime configurable
Last modified: 2020-11-25 12:08:04 CET
The default assertion lifetime is 300 seconds. We should make this configurable either via a UCR variable or via an LDAP attribute. If we raise the assertion lifetime, we don't need to renew the SAML assertion in the UMC so often for a session.
Patch which makes it configurable via LDAP/UDM is in git:fbest/52323-saml-assertion-lifetime. Please review. It removes the temporary UCR variable 'saml/idp/assertion-lifetime' which we delivered in the pre-patch. The new variable umc/saml/assertion-lifetime can be set before the initial joinscript execution to set it.
The assertion lifetime is now configurable via the UCR variable "umc/saml/assertion-lifetime".

univention-saml.yaml
bc813198b61f | YAML Bug #52323

univention-saml (6.0.2-62)
c73ae1488ae7 | Bug #52323: make assertion.lifetime configurable

univention-management-console.yaml
bc813198b61f | YAML Bug #52323

univention-management-console (11.0.5-21)
3b9406e58c88 | Bug #52323: make assertion lifetime configurable
OK: LDAP and UDM
OK: /usr/share/univention-management-console/saml/update_metadata
OK: UCR variables
OK: Actual results from session-info
OK: YAML
<https://errata.software-univention.de/#/?erratum=4.4x822>
<https://errata.software-univention.de/#/?erratum=4.4x826>
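One way to confirm the effective lifetime after changing "umc/saml/assertion-lifetime", as an added example that is not part of this bug report or of Univention's code: it reads the validity window from a decoded assertion and compares it with the configured value and with a site maximum, since a longer lifetime also lengthens the time a captured bearer assertion stays usable. The sample assertion is constructed; the function names, the 2-second tolerance, the policy maximum and the assumption that the lifetime runs from IssueInstant to Conditions/@NotOnOrAfter are this example's own. Signatures are not validated here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned, trimmed), not captured from a real IdP.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2020-11-25T11:00:00Z">
  <saml:Conditions NotBefore="2020-11-25T10:59:30Z"
                   NotOnOrAfter="2020-11-25T11:05:00Z"/>
</saml:Assertion>
"""

def _ts(value):
    """Parse a SAML xs:dateTime in UTC, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def assertion_lifetime(xml_text):
    """Seconds between IssueInstant and Conditions/@NotOnOrAfter (assumed window)."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or one wrapped in a samlp:Response.
    if root.tag.endswith("}Assertion"):
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", SAML_NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")
    conditions = assertion.find("saml:Conditions", SAML_NS)
    if conditions is None or "NotOnOrAfter" not in conditions.attrib:
        raise ValueError("assertion has no Conditions/@NotOnOrAfter")
    issued = _ts(assertion.attrib["IssueInstant"])
    expires = _ts(conditions.attrib["NotOnOrAfter"])
    return int((expires - issued).total_seconds())

def check_lifetime(xml_text, configured, max_allowed, tolerance=2):
    """Return a list of findings; an empty list means the assertion matches."""
    findings = []
    actual = assertion_lifetime(xml_text)
    if abs(actual - configured) > tolerance:
        findings.append(f"lifetime {actual}s differs from configured {configured}s")
    if actual > max_allowed:
        findings.append(f"lifetime {actual}s exceeds policy maximum {max_allowed}s")
    return findings

if __name__ == "__main__":
    print(assertion_lifetime(SAMPLE_ASSERTION),
          check_lifetime(SAMPLE_ASSERTION, configured=300, max_allowed=3600))
```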