"assertion has expired" error: enforcement of SAML assertion lifetime values

Problem statement

Does the application support the enforcement of the SAML assertion lifetime values set by the IdP and reject expired tokens?

Steps to reproduce

  1. Set up a SAML connection with the SAML Mock tool (https://saml-mock.vercel.app/ or https://samlmock.dev/)
  2. Enable IdP-initiated responses in the SAML connection settings
  3. Go to https://samlmock.dev/idp, configure the appropriate ACS URL and audience, and hard-code old NotOnOrAfter dates in the SAML response
  4. See that you’ll get an “assertion has expired” error in the tenant logs.

Solution

Yes, Auth0 enforces SAML assertion lifetime values set by the SAML IdP and will reject expired tokens with an “assertion has expired” error.
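The check described above, as an added example and not Auth0's own code: it reads the Conditions element of a constructed SAML response and rejects the assertion once NotOnOrAfter has passed (the attribute is exclusive, so an assertion is already expired at exactly that instant), with an optional clock-skew allowance. Names, sample issuer, audience and the skew parameter are assumptions; signature verification, which a real SP performs before trusting any attribute, is out of scope.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed IdP response skeleton (unsigned); the lifetime window lives on Conditions.
RESPONSE_TEMPLATE = (
    '<samlp:Response xmlns:samlp="{p}" xmlns:saml="{a}" ID="_r1" Version="2.0">'
    '<saml:Assertion ID="_a1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}">'
    '<saml:AudienceRestriction><saml:Audience>urn:example:sp</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
)

def build_response(not_before: str, not_on_or_after: str) -> str:
    """Return a constructed SAML response carrying the given lifetime attributes."""
    return RESPONSE_TEMPLATE.format(p=SAMLP_NS, a=SAML_NS, nb=not_before, noa=not_on_or_after)

def parse_saml_instant(value: str) -> datetime:
    """SAML timestamps are xsd:dateTime in UTC ('...Z'); normalise for fromisoformat."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)

def check_assertion_lifetime(response_xml: str, now: datetime, skew_seconds: int = 0):
    """Enforce the IdP's lifetime window. Returns (accepted, reason).

    skew_seconds (assumed parameter) tolerates small IdP/SP clock differences.
    Signature verification must already have succeeded before this is trusted.
    """
    skew = timedelta(seconds=skew_seconds)
    root = ET.fromstring(response_xml)
    conditions = root.find(".//saml:Assertion/saml:Conditions", {"saml": SAML_NS})
    if conditions is None:
        return False, "assertion has no Conditions element"
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_on_or_after is None:
        return False, "Conditions missing NotOnOrAfter"
    # NotOnOrAfter is exclusive: the assertion is expired at exactly that instant.
    if now >= parse_saml_instant(not_on_or_after) + skew:
        return False, "assertion has expired"
    not_before = conditions.get("NotBefore")
    if not_before is not None and now + skew < parse_saml_instant(not_before):
        return False, "assertion not yet valid"
    return True, "assertion lifetime ok"

if __name__ == "__main__":
    now = parse_saml_instant("2024-01-01T12:00:00Z")
    stale = build_response("2020-01-01T00:00:00Z", "2020-01-01T00:05:00Z")
    print(check_assertion_lifetime(stale, now))  # (False, 'assertion has expired')
```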
