Forum Discussion

Nimbostratus

Apr 28, 2015

ASSERTION_SUBJECT_CONFIRM_NOTONORAFTER not respected

Hi! I'm using APM to implement a SAML SP. APM will successfully validate a SAMLResponse even if the time specified by NotOnOrAfter in the SubjectConfirmationData element has passed. Shouldn't thi...

BIG-IP Access Policy Manager (APM)

security

Ingebrigt_Maurs

Nimbostratus

Sep 29, 2015

Any progress on this?

NotOnOrAfter is in there to ensure SAML tokens do not remain valid forever, so IMHO a pretty important security feature.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASSERTION_SUBJECT_CONFIRM_NOTONORAFTER not respected

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Illigal Parameter addition as custom signature set wanted to Unblock

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

LTM - Connection limit not respected

Management GUI - session timeout not being respected

Is SAML 2.0 ForceAuthn respected?

Monitor log down and up respectively

FQDN Objects not respecting the DNS Interval

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS