Add support for OneTimeUse assertions #104

@madaster97

Describe the problem you'd like to have solved

Add support for the OneTimeUse SAML condition, as an option to signal to service providers to only accept a specific assertion once (keyed by the ID in the assertion).

Describe the ideal solution

Add a true/false flag in config for onlyOneTimeUse, to selectively add the condition to the assertion.

Alternatives and current work-arounds

Setting a small lifetimeInSeconds helps mitigate the same sort of issues that OneTimeUse does. See some examples in the OWASP SAML Security cheatsheet.

PS - Should consider the importance of fixing #73, since we use the crypto functions referenced there to create the ID value that is used to enforce the one-time-use condition.
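To show what a service provider does with the condition this issue asks the library to emit, here is an added example of the consuming side (not the library's code and not from the issue author): it records each OneTimeUse assertion ID until the assertion's own NotOnOrAfter, so a replayed assertion is rejected while the cache stays bounded. The sample assertion is constructed, the regex extraction stands in for a real SAML parser, and `OneTimeUseCache` is a hypothetical name.

```javascript
// Added example: service-provider enforcement of the SAML OneTimeUse condition.
// Constructed sample assertion (values are made up for the example).
const SAMPLE_ASSERTION = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-id-001" IssueInstant="2024-01-01T00:00:00Z" Version="2.0">
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:OneTimeUse/>
  </saml:Conditions>
</saml:Assertion>`;

// Minimal extraction of the three fields the check needs. A real SP would take
// these from its XML/SAML library after signature validation, not from a regex.
function parseConditions(xml) {
  const id = /<saml:Assertion\b[^>]*\sID="([^"]+)"/.exec(xml);
  const notOnOrAfter = /<saml:Conditions\b[^>]*\sNotOnOrAfter="([^"]+)"/.exec(xml);
  return {
    id: id ? id[1] : null,
    notOnOrAfter: notOnOrAfter ? Date.parse(notOnOrAfter[1]) : NaN,
    oneTimeUse: /<saml:OneTimeUse\s*\/>/.test(xml),
  };
}

// Hypothetical replay cache keyed by assertion ID. Entries expire with the
// assertion itself: once NotOnOrAfter has passed, the ID can never be replayed
// validly, so it no longer needs to be remembered.
class OneTimeUseCache {
  constructor() {
    this.seen = new Map(); // assertion ID -> NotOnOrAfter (ms since epoch)
  }

  // Returns true if the assertion may be accepted, false if it is expired,
  // unparseable, or a second presentation of a OneTimeUse assertion.
  accept(xml, now = Date.now()) {
    const c = parseConditions(xml);
    if (!c.id || Number.isNaN(c.notOnOrAfter)) return false;
    if (now >= c.notOnOrAfter) return false;
    // Evict remembered IDs whose assertions have already expired.
    for (const [id, exp] of this.seen) {
      if (exp <= now) this.seen.delete(id);
    }
    if (!c.oneTimeUse) return true; // no OneTimeUse condition: nothing to track
    if (this.seen.has(c.id)) return false; // replay of an already-consumed assertion
    this.seen.set(c.id, c.notOnOrAfter);
    return true;
  }
}
```

In a clustered deployment the `Map` would have to be a shared store, otherwise each node accepts the assertion once.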
