Atlassian SAML Handbook

6. Advanced SSO Settings

 

  • Remember-Me cookie: If enabled, the plugin creates the user session with a remember-me cookie, and the user stays logged in to the application until they log out explicitly.
  • Validate IDP’s SAML Response: Each SAML Response is valid only for the time interval defined by its NotBefore and NotOnOrAfter attributes. If the application server’s time falls outside that interval, even by only a few milliseconds, the SAML Response is invalidated and the user cannot log in. In that case, you can configure the time difference here so that the SAML Response is accepted. The exact time difference to configure is shown in the Test Configuration window.

Note: The recommended solution is to synchronize the application time with the IDP’s time.

For example, suppose the SAML response is valid from 01:01:00 to 01:06:00 and the SP’s server has a time difference of 1 minute, i.e. it is currently 12:59:00 on the SP’s server. The application will throw an error saying “invalid response received”. If a time difference of 1 minute is configured, the application will accept the SAML response and validate it.
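The validity-window check that this setting relaxes, as an added Python sketch (not the plugin's own code). The function name `check_validity_window`, the `allowed_skew_seconds` parameter and the sample timestamps are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the Conditions element, not a full signed response.
SAMPLE_CONDITIONS = (
    '<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'NotBefore="2024-01-01T10:01:00Z" NotOnOrAfter="2024-01-01T10:06:00Z"/>'
)

def _parse_instant(value):
    """Parse a SAML xs:dateTime given in UTC with a trailing "Z"."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_validity_window(conditions_xml, sp_now, allowed_skew_seconds=0):
    """Return (is_valid, reason, gap_seconds) for the SP clock reading sp_now.

    gap_seconds is how far sp_now lies outside the window, i.e. the clock
    difference an administrator would have to correct or tolerate.
    Signature verification must already have succeeded; it is not shown here.
    """
    root = ET.fromstring(conditions_xml)
    if root.tag.endswith("}Conditions"):
        cond = root
    else:
        cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element", None
    not_before = _parse_instant(cond.attrib["NotBefore"])
    not_on_or_after = _parse_instant(cond.attrib["NotOnOrAfter"])
    skew = timedelta(seconds=allowed_skew_seconds)
    # The SP clock is behind the IdP: the response looks like it is from the future.
    if sp_now + skew < not_before:
        return False, "not yet valid", (not_before - sp_now).total_seconds()
    # The SP clock is ahead, or the response is genuinely old (possible replay).
    if sp_now - skew >= not_on_or_after:
        return False, "expired", (sp_now - not_on_or_after).total_seconds()
    return True, "valid", 0.0

if __name__ == "__main__":
    sp_clock = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)  # 1 minute behind
    print(check_validity_window(SAMPLE_CONDITIONS, sp_clock))        # strict check
    print(check_validity_window(SAMPLE_CONDITIONS, sp_clock, 60))    # 60 s tolerated
```

The tolerance widens both ends of the window, so a stale response is also accepted for that much longer; keep the configured value as small as the measured clock difference allows.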