"assertion has expired" error: enforcement of SAML assertion lifetime values

lihua.zhang · May 8, 2023, 11:28pm

Problem statement

Does the application support the enforcement of the SAML assertion lifetime values set by the IdP and reject expired tokens?

Set up a SAML connection with the SAML Mock tool (https://saml-mock.vercel.app/ or https://samlmock.dev/)
Enable IdP-initiated responses in the SAML connection settings
Go to https://samlmock.dev/idp, configure the appropriate ACL and audience, and hard-code old NotOnOrAfter dates in the SAML response
See that you’ll get an “assertion has expired” error in the tenant logs.

Yes, Auth0 enforces SAML assertion lifetime values set by the SAML IdP and will reject expired tokens with an “assertion has expired” error.

Topic		Replies	Views
Encrypted SAML Assertions Help saml	4	4974	January 2, 2020
SAML Assertion signature is invalid Help saml , saml2	4	8107	August 31, 2021
"Action Required for "my-saml-link" connection: Signing certificate will expire in 29 days" Knowledge Articles	1	1081	June 19, 2023
SAML Connection stops working Knowledge Articles saml , certificate , expire	1	1973	August 22, 2022
Saml Invalid Signature Issue Help saml	1	2209	April 7, 2022