spring-attic / spring-security-saml

SAML extension for the Spring Security project

Is it possible to use maxAuthenticationAge per request/session? #278

Open baimurzin opened 6 years ago

baimurzin commented 6 years ago

https://docs.spring.io/autorepo/docs/spring-security-saml/1.0.4.RELEASE/api/org/springframework/security/saml/websso/WebSSOProfileConsumerImpl.html#setMaxAuthenticationAge-long-

Here we can find a bean which can be configured. Specifically, I need the maxAuthenticationAge timeout in seconds, which by default is set to 7200 seconds. So I can override it, but it will affect the setting for the whole application. Is it possible to configure it per request/session/user? I have an idea to use it in an HTTP filter: we intercept the request, check the user's settings, and then set this authentication age. But will this not affect the entire application?

vkleinschmidt commented 3 years ago

Why would you ever want to do this? This is a global property for the entire organization, and the setting in each application should match what the IdP is configured for.
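An added example, not part of the thread or the project's code: calling `setMaxAuthenticationAge` from a filter mutates one shared bean, so every concurrent login sees the change. The sketch below keeps the global value as a ceiling and applies a stricter limit per assertion. It assumes the protected `verifyAuthenticationStatement` hook and `getResponseSkew()` of the 1.0.x `WebSSOProfileConsumerImpl`; the class name `PerIdpMaxAgeConsumer` and the map keyed by IdP entity ID are hypothetical.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;

// Hypothetical subclass: tightens the authentication-age check per assertion
// without ever writing to the shared maxAuthenticationAge property.
public class PerIdpMaxAgeConsumer extends WebSSOProfileConsumerImpl {

    // Hypothetical policy: IdP entity ID -> maximum age in seconds. Immutable after construction.
    private final Map<String, Long> maxAgeByIdp;

    public PerIdpMaxAgeConsumer(Map<String, Long> maxAgeByIdp) {
        this.maxAgeByIdp = Collections.unmodifiableMap(new HashMap<String, Long>(maxAgeByIdp));
    }

    @Override
    protected void verifyAuthenticationStatement(AuthnStatement auth,
                                                 RequestedAuthnContext requestedAuthnContext,
                                                 SAMLMessageContext context)
            throws AuthenticationException {
        Long override = maxAgeByIdp.get(context.getPeerEntityId());
        if (override != null) {
            // An override may only shorten the window; the global setting stays the upper bound.
            long limitSeconds = Math.min(override, getMaxAuthenticationAge());
            long windowMillis = (limitSeconds + getResponseSkew()) * 1000L;
            if (auth.getAuthnInstant().plus(windowMillis).isBeforeNow()) {
                throw new CredentialsExpiredException(
                        "Authentication statement is older than the limit of "
                                + limitSeconds + " seconds for this identity provider");
            }
        }
        // The stock checks still run: global max age, SessionNotOnOrAfter, AuthnContext.
        super.verifyAuthenticationStatement(auth, requestedAuthnContext, context);
    }
}
```

Registered in place of the stock `webSSOprofileConsumer` bean, this leaves `maxAuthenticationAge` untouched at runtime, so no request can widen or narrow the window for another.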