Sun Java System Access Manager 7 2005Q4 Federation and SAML Administration Guide

Single-Use Policy With POST Profile

According to the SAML specifications, the trusted partner site must enforce a single-use policy for SSO assertions that are communicated using the Web Browser POST Profile. SAMLPOSTProfileServlet maintains a map of SSO assertion identifiers and the time at which each one expires. When an assertion is received, the servlet first checks the map for an entry with that assertion identifier. If an entry exists, the assertion has already been used and the servlet returns an error. If an entry does not exist, the assertion identifier and expiration time are saved to the map. POSTCleanUpThread periodically removes expired assertion identifiers from the map.
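The following sketch shows one way to build such a single-use store. It is an added example, not code from Access Manager or SAMLPOSTProfileServlet. The class and method names are hypothetical, and it assumes the stored expiration time is the assertion's NotOnOrAfter value; the lookup and the save are done as one atomic operation so that two simultaneous posts of the same assertion cannot both be accepted.

```java
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

/** Hypothetical replay cache; not the SAMLPOSTProfileServlet implementation. */
public class AssertionReplayCache implements AutoCloseable {
    // Assertion identifier -> expiration time (assumed to be NotOnOrAfter).
    private final ConcurrentHashMap<String, Instant> seen = new ConcurrentHashMap<>();
    private final ScheduledExecutorService cleaner =
            Executors.newSingleThreadScheduledExecutor(r -> {
                Thread t = new Thread(r, "replay-cache-cleanup");
                t.setDaemon(true); // do not keep the JVM alive for cleanup
                return t;
            });

    public AssertionReplayCache(long cleanupIntervalSeconds) {
        // Plays the role the guide assigns to POSTCleanUpThread.
        cleaner.scheduleAtFixedRate(() -> purgeExpired(Instant.now()),
                cleanupIntervalSeconds, cleanupIntervalSeconds, TimeUnit.SECONDS);
    }

    /** Returns true only the first time an unexpired assertion ID is presented. */
    public boolean acceptOnce(String assertionId, Instant notOnOrAfter, Instant now) {
        if (assertionId == null || assertionId.isEmpty() || !now.isBefore(notOnOrAfter)) {
            return false; // missing ID or already expired: reject without storing
        }
        // putIfAbsent is atomic: a separate "check, then save" sequence would let
        // two concurrent requests carrying the same assertion both pass the check.
        return seen.putIfAbsent(assertionId, notOnOrAfter) == null;
    }

    /** Removes entries whose expiration has passed; acceptOnce rejects them by time. */
    void purgeExpired(Instant now) {
        seen.values().removeIf(expiry -> !now.isBefore(expiry));
    }

    @Override public void close() { cleaner.shutdownNow(); }

    public static void main(String[] args) {
        Instant now = Instant.now();
        try (AssertionReplayCache cache = new AssertionReplayCache(60)) {
            String id = "_constructed-assertion-id-0001"; // constructed sample ID
            Instant exp = now.plusSeconds(300);           // constructed validity window
            System.out.println("first use accepted: " + cache.acceptOnce(id, exp, now));
            System.out.println("replay accepted:    " + cache.acceptOnce(id, exp, now));
            cache.purgeExpired(exp);
            System.out.println("after expiry:       " + cache.acceptOnce(id, exp, exp));
        }
    }
}
```

An entry must stay in the map until the assertion's expiration time has passed; removing it earlier would reopen the replay window for an assertion that still validates.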