CloudI.67773 (Customer) asked a question.
Can Okta support SessionNotOnOrAfter for custom SAML applications?
SessionNotOnOrAfter [Optional] Specifies a time instant at which the session between the principal identified by the subject and the SAML authority issuing this statement MUST be considered ended. The time value is encoded in UTC, as described in Section 1.3.3. There is no required relationship between this attribute and a NotOnOrAfter condition attribute that may be present in the assertion. Per http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Page 27 This seems like something that we should be able to do for custom applications. Is this on a roadmap?
We have 3 SaaS applications (including GitHub) which is currently implemented via CA Siteminder(supports this feature) which require this setting to control the Session Time out in application side. We are in the process of migrating to OKTA and this feature is a show stopper for those applications which require this setting, as part of the SAML assertion. Can you please provide an update on the progress of this enhancement.
Ref. from CA Siteminder.
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/legacy-federation/configure-a-saml-2-0-identity-provider/single-sign-on-configuration-for-saml-2-0
Is there any update on this feature ?
Any update on this?
This went Early Access about a month ago I believe but they now support this via SAML Inline hooks. We use this internally and it works great. The only caveat is you need to roll your own inline hook. Pretty trivial to do with some python running in a AWS lambda behind an API Gateway.