Show TOC

Configuring the Validity Period for SAML MessagesLocate this document in the navigation structure


To secure you service provider, limit the validity period of Security Assertion Markup Language (SAML) 2.0 messages that the service provider receives. However, delays in computer networks and skewed clocks can cause otherwise valid messages to become invalid. Use this procedure to configure how much time before and after the instant the identity provider created the SAML message that the service provider can accept it. The time of message creation is recorded in the SAML message in the IssueInstant attribute.


  1. Start SAP NetWeaver Administrator.
  2. Choose Start of the navigation path Configuration Management Next navigation step Security Next navigation step Authentication and Single Sign-On End of the navigation path and choose Start of the navigation path SAML 2.0 Next navigation step Local Provider End of the navigation path.
  3. Choose the Edit pushbutton.
  4. Choose the General Settings tab.
  5. Under Miscellaneous , configure the validity period for SAML messages by entering how many minutes before and after a message was issued that it becomes invalid.

    The default validity period is up to 5 minutes before and no more than 10 minutes after the message was created.

  6. Save your entries.