Current versions don't validate that the SAML assertion conditions for NotOnOrAfter are met. Without checking this parameter, apps are vulnerable to replay attacks where the user can save the SAML assertion and post it back to the app in the future without having to log in.
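
The missing check described above, sketched as an added example in Python (not the project's own code). The function names, the 60-second clock-skew allowance, the fail-closed policy for a missing expiry and the sample assertion are assumptions of this example, and it presumes the assertion's signature has already been verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real IdP); signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a SAML UTC instant such as 2024-01-01T12:00:00Z (optional fraction)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value.strip(), fmt).replace(tzinfo=timezone.utc)


def check_conditions(assertion_xml, now=None, skew=timedelta(seconds=60)):
    """Return (ok, reason) for the assertion's validity window.

    Assumes the signature was already verified; an unsigned timestamp proves nothing.
    """
    now = now or datetime.now(timezone.utc)
    conditions = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if conditions is None or "NotOnOrAfter" not in conditions.attrib:
        # Example policy choice: fail closed when no expiry is stated.
        return False, "missing NotOnOrAfter"
    try:
        not_on_or_after = parse_instant(conditions.attrib["NotOnOrAfter"])
        not_before = conditions.get("NotBefore")
        not_before = parse_instant(not_before) if not_before else None
    except ValueError:
        return False, "malformed timestamp"
    # Valid only while now < NotOnOrAfter; skew tolerates small clock drift.
    if now - skew >= not_on_or_after:
        return False, "expired"
    if not_before is not None and now + skew < not_before:
        return False, "not yet valid"
    return True, "ok"
```

Enforcing the expiry bounds the replay window; rejecting an assertion ID that was already seen inside that window is a separate check.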