Forum Discussion

Nimbostratus

Apr 28, 2015

ASSERTION_SUBJECT_CONFIRM_NOTONORAFTER not respected

Hi! I'm using APM to implement a SAML SP. APM will successfully validate a SAMLResponse even if the time specified by NotOnOrAfter in the SubjectConfirmationData element has passed. Shouldn't thi...

BIG-IP Access Policy Manager (APM)

security

Ingebrigt_Maurs

Nimbostratus

Sep 29, 2015

Any progress on this?

NotOnOrAfter is in there to ensure SAML tokens do not remain valid forever, so IMHO a pretty important security feature.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASSERTION_SUBJECT_CONFIRM_NOTONORAFTER not respected

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Cisco TACACS+ Config on ISE LTM Pair

Related Content

LTM - Connection limit not respected

Management GUI - session timeout not being respected

Is SAML 2.0 ForceAuthn respected?

Monitor log down and up respectively

FQDN Objects not respecting the DNS Interval

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS