I am not even really looking for direct communication between the SP and IdP. When I, as the IdP, send the assertion to Google, it seems there should be something that I can add to the assertion that tells Google that this is only valid for a certain period of time (say 30 minutes, for example). If the user is using their Google app 31 minutes after their identity was checked, Google would detect that and run the browser through the assertion process again just to make sure the user is still who they say they are and their session with the IdP is still valid. The reason for session inactivity timeouts in our application is that users tend to walk away from machines without logging out or closing browsers. Do the Google apps have a concept of inactivity timeouts or is it that once you are in, you are in?

On Mar 27, 3:19 am, "Alex (Google)" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> The Google Apps implementation of SAML doesn't allow for direct
> communication between SP and IdP. It uses HTTP bindings, i.e. it
> relies on the browser to be the conduit of messages between SP and
> IdP. SAML is used very limitedly, only for sign in. There isn't even
> a sign out service.
>
> One workaround is to launch Google Apps in a new window or tab, and
> have a keep-alive web application which signs the user out (e.g.
> forwards to a Google Apps sign out URL) if the IdP invalidates the
> user. It's not foolproof since the user could simply close the
> keep-alive page.
>
> -alex
>
> On Mar 25, 7:35 am, swtet <[EMAIL PROTECTED]> wrote:
>
> > When using SAML SSO, is there something that I can put in the response
> > that will cause Google to validate the user's identity again at a
> > certain time? As the identity provider, I keep track of inactivity so
> > I would like the Google apps to check back on occasion to make sure
> > the user is still valid. Since I am fairly new to SAML, does this
> > type of thing make sense to do or is there another way to accomplish
> > this? If this is not the SAML way, any explanation about that would
> > be helpful as well.
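
The keep-alive workaround described in the quoted reply, sketched as an added example (not code from this thread, from Google, or from any IdP product). The status endpoint, its `{active: boolean}` reply and both URLs are assumptions or placeholders; repeated failed checks are treated as a reason to sign out, so the page fails closed.

```javascript
// Added example. URLs and the status reply shape are hypothetical placeholders.
const CONFIG = {
  statusUrl: "https://idp.example.com/session/status", // hypothetical IdP endpoint
  signOutUrl: "https://SIGN-OUT-URL.example/",         // placeholder for the Apps sign-out URL
  maxFailures: 2,                                      // fail closed after this many failed checks
};

// Pure decision step: previous failure count + one check result
// -> next failure count and whether to sign the user out now.
function nextStep(failures, result, maxFailures) {
  if (result.ok && result.active === true) return { failures: 0, signOut: false };
  if (result.ok && result.active === false) return { failures, signOut: true };
  const n = failures + 1; // network error, server error or malformed reply
  return { failures: n, signOut: n >= maxFailures };
}

// One poll of the IdP. fetchFn is injected: the browser's fetch in the
// keep-alive page, a stub in tests. 401/403 means the IdP session is gone.
async function checkSession(fetchFn, url) {
  try {
    const resp = await fetchFn(url, { credentials: "include", cache: "no-store" });
    if (resp.status === 401 || resp.status === 403) return { ok: true, active: false };
    if (!resp.ok) return { ok: false };
    const body = await resp.json();
    return typeof body.active === "boolean"
      ? { ok: true, active: body.active }
      : { ok: false };
  } catch (_) {
    return { ok: false };
  }
}

// Poll until sign-out is decided, then send the Google Apps window to the
// sign-out URL. navigate and sleep are injected by the keep-alive page.
async function watch(fetchFn, navigate, sleep, cfg = CONFIG) {
  let failures = 0;
  for (;;) {
    const result = await checkSession(fetchFn, cfg.statusUrl);
    const step = nextStep(failures, result, cfg.maxFailures);
    if (step.signOut) {
      navigate(cfg.signOutUrl);
      return;
    }
    failures = step.failures;
    await sleep();
  }
}
```

As the reply notes, this only works while the keep-alive page stays open; closing it stops the checks.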
