Sam2
Contributor

SAML authentication token timeout/revocation for remote access VPN

Does anyone know if the full endpoint client will periodically check if the SAML token used for VPN auth is still valid? Does it check when the tunnel is renegotiated when it reaches its timeout?

In testing I had my SAML token revoked; all my MS Office products immediately forced a re-auth, but the VPN client has remained connected. I'm curious if there is an official answer to how revoking a SAML token will impact the VPN.


 

 


Accepted Solutions
PhoneBoy
Admin

If it's consistent with how it works for other authentication methods, it's done at the re-authentication timer.

Abhi_G
Employee
  1. How will re-authentication happen with browser-based SAML authentication? If it happens, what is the time interval for re-authentication?
  2. How can we enforce re-authentication for any specific user?

Any suggestions on this? @PhoneBoy 

PhoneBoy
Admin

The browser should pop up to request authentication again.
However, whether the user needs to re-authenticate or not depends entirely on the IdP configuration.
In general, when using SAML Auth, these settings must be configured in the IdP.
Consult the relevant documentation for your IdP. 
You can force the entire authentication flow every time using the following SK, but it applies to every user: https://support.checkpoint.com/results/sk/sk180948 
