// authnskew allows rejection of SSO if AuthnInstant is too old.
const PropertySet* sessionProps = application.getPropertySet("Sessions");
- pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+ pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
if (authnskew.first && authnskew.second &&
ssoStatement->getAuthenticationInstant() && (now - ssoStatement->getAuthenticationInstantEpoch() > authnskew.second))
<attribute name="idpHistoryDays" type="unsignedInt"/>\r
<attribute name="lifetime" type="unsignedInt" default="28800"/>\r
<attribute name="timeout" type="unsignedInt" default="3600"/>\r
- <attribute name="authnskew" type="unsignedInt"/>\r
+ <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>\r
<attribute name="checkAddress" type="boolean" default="true"/>\r
<attribute name="consistentAddress" type="boolean" default="true"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
// authnskew allows rejection of SSO if AuthnInstant is too old.
const PropertySet* sessionProps = application.getPropertySet("Sessions");
- pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+ pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
// Saves off error messages potentially helpful for users.
string contextualError;
// authnskew allows rejection of SSO if AuthnInstant is too old.
const PropertySet* sessionProps = application.getPropertySet("Sessions");
- pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("authnskew") : pair<bool,unsigned int>(false,0);
+ pair<bool,unsigned int> authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair<bool,unsigned int>(false,0);
// Saves off error messages potentially helpful for users.
string contextualError;