In the Skew Time field on the General tab, enter the difference, in seconds, between the system clock at the Account Partner and the system clock at the Resource Partner.
For single sign-on, the values of the Validity Duration (set on the SSO tab) and Skew Time (set on the General tab) instruct how the WS-Federation Assertion Generator calculates the total time that an assertion is valid. In the assertion document, the beginning and end of the validity interval is represented by the NotBefore and NotOnOrAfter values.
To determine the beginning of the validity interval, the assertion generator takes the system time when the assertion is generated and sets the IssueInstant value in the assertion according to this time. It then subtracts the Skew Time value from the IssueInstant value. The resulting time becomes the NotBefore value.
To determine the end of the validity interval, the assertion generator adds the Validity Duration value and the Skew Time together. The resulting time becomes the NotOnOrAfter value. Times are relative to GMT.
For example, an assertion is generated at the Account Partner at 1:00 GMT. The skew time is 30 seconds and the validity duration is 60 seconds, making the assertion validity interval between 12:59:30 GMT and 1:01:30 GMT. This interval begins 30 seconds prior to the time the assertion was generated and ends 90 seconds afterward.
Copyright © 2012 CA.
All rights reserved.
|
|