Upon successful validation of a SAML 2.0 assertion, the authentication scheme writes assertion data in the expiry data table. The data includes an assertion ID key and an expiration time. The session server management thread in the Policy Server deletes expired data from the expiry data table.
If an expiry data entry with the same assertion ID key already exists when the scheme tries to write assertion data, the write fails. If the scheme cannot write to the expiry data table, the SAML 2.0 authentication scheme denies the authentication in the same manner as an invalid assertion.
If single use of the assertion cannot be enforced because the database is unavailable, the authentication scheme denies the request rather than risk the assertion being reused.
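The following is an added example, not the Policy Server's own code, that models the single-use check described above: a replay table keyed by assertion ID with an expiration time, a write that fails when the key already exists, a cleanup pass that removes expired rows, and a fail-closed denial whenever the table cannot be written. It assumes an in-memory SQLite database, the column names assertion_id and expires_at, an integer clock, and a simplified assertion dictionary (id, not_on_or_after, signature_ok); all of these are assumptions for illustration, and the assertion IDs are constructed.

```python
import sqlite3


class ExpiryTableUnavailable(Exception):
    """Raised when the expiry data table cannot be written (assumed failure type)."""


class AssertionExpiryStore:
    """Replay-protection table keyed by SAML assertion ID with an expiration time."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        # Primary key on assertion_id makes a second write of the same ID fail.
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS expiry_data ("
            "assertion_id TEXT PRIMARY KEY, expires_at INTEGER NOT NULL)"
        )
        self.conn.commit()

    def record(self, assertion_id: str, expires_at: int) -> bool:
        """Return True if the ID was stored, False if it was already present."""
        try:
            self.conn.execute(
                "INSERT INTO expiry_data (assertion_id, expires_at) VALUES (?, ?)",
                (assertion_id, expires_at),
            )
            self.conn.commit()
            return True
        except sqlite3.IntegrityError:
            # Duplicate assertion ID: the assertion has been seen before.
            return False
        except sqlite3.Error as exc:
            # Any other database failure means single use cannot be enforced.
            raise ExpiryTableUnavailable(str(exc)) from exc

    def purge_expired(self, now: int) -> int:
        """Cleanup pass (the page's management thread): drop rows whose time has passed."""
        cur = self.conn.execute("DELETE FROM expiry_data WHERE expires_at <= ?", (now,))
        self.conn.commit()
        return cur.rowcount


def validate_assertion(assertion: dict, store: AssertionExpiryStore, now: int) -> str:
    """Decide ALLOW/DENY for one assertion; every failure path denies (fail closed)."""
    # Simplified validity check standing in for full SAML signature/condition checks.
    if not assertion.get("signature_ok") or assertion["not_on_or_after"] <= now:
        return "DENY: invalid assertion"
    try:
        if not store.record(assertion["id"], assertion["not_on_or_after"]):
            return "DENY: replayed assertion"
    except ExpiryTableUnavailable:
        # Database unavailable: deny rather than risk accepting a reused assertion.
        return "DENY: expiry table unavailable"
    return "ALLOW"


def run_demo():
    """Walk through first use, replay, expiry cleanup, and database outage."""
    conn = sqlite3.connect(":memory:")
    store = AssertionExpiryStore(conn)
    # Constructed assertion: valid until t=1000 on the integer clock.
    assertion = {"id": "_constructed-assertion-1", "not_on_or_after": 1000, "signature_ok": True}
    decisions = [
        validate_assertion(assertion, store, now=900),  # first use is accepted
        validate_assertion(assertion, store, now=901),  # same ID again is a replay
    ]
    purged = store.purge_expired(now=1000)  # cleanup removes the expired row
    # Even after cleanup the assertion is denied because its validity window has passed.
    decisions.append(validate_assertion(assertion, store, now=1000))
    conn.close()  # simulate the expiry database becoming unavailable
    later = {"id": "_constructed-assertion-2", "not_on_or_after": 2000, "signature_ok": True}
    decisions.append(validate_assertion(later, store, now=1500))
    return decisions, purged


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```

The important design point is the ordering of the checks: the ID is written to the table before the request is allowed, so a concurrent second use of the same assertion collides on the primary key rather than slipping through, and cleanup only removes rows whose own expiration time has already passed, so a purged ID can never be replayed while it is still valid.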
Copyright © 2011 CA. All rights reserved.