here we can find a bean which could be configured, exactly I need maxAuthenticationAge timeout in seconds, which by defaults is set to 7200 seconds. So I can override it, but it will affect all application setting. Is it possible to configure it per request/session/user.
I have an idea to use it in http filter, we intercept request and check user settings and then set this authentication age. But will this not affect the entire application?
Why would you ever want to do this? This is a global property for the entire organization, and the setting in each application should match what the IdP is configured for.
https://docs.spring.io/autorepo/docs/spring-security-saml/1.0.4.RELEASE/api/org/springframework/security/saml/websso/WebSSOProfileConsumerImpl.html#setMaxAuthenticationAge-long-
here we can find a bean which could be configured, exactly I need maxAuthenticationAge timeout in seconds, which by defaults is set to 7200 seconds. So I can override it, but it will affect all application setting. Is it possible to configure it per request/session/user. I have an idea to use it in http filter, we intercept request and check user settings and then set this authentication age. But will this not affect the entire application?