Thank you for posting this in Microsoft Q&A.
I understand you are seeing different values of AuthnInstant
in different browsers.
Why do I get different values of
AuthnInstant
in the different use cases listed above?
The variation in AuthnInstant
values across different use cases is probably caused by discrepancies in how browsers cache SAML responses. When accessing the application in Chrome, it might retrieve a cached SAML response from 2 days ago, while in incognito mode it is not using the cache and is therefore getting a current date-time. Similarly, Firefox may be using a cached SAML response from 5 months ago.
Once a user is authenticated with Microsoft Entra ID, how long would it be valid?
The validity period of a SAML response is determined by the value of the NotBefore
and NotOnOrAfter
attributes in the Conditions element of the SAML response. These values are set by the identity provider and specifies the time at which the SAML response expires. Once the SAML response has expired, the user will need to re-authenticate to obtain a new SAML response.
For your reference: https://learn.microsoft.com/en-us/entra/identity-platform/single-sign-on-saml-protocol#conditions
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.