Scenario:
1) Browser(User) requests resource from Service Provider (SP).
2) SP Redirects (with SAML Request) to Identity Provider (IdP).
3) Since it is first login, User gives the (IdP) his/her valid credentials.
4) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page.
I have gone through : Are SAML tokens cache/stored anywhere on the browser? Not helped.
I there any settings on idp (OpenAM) side to resolve it? (I have unchecked Disable Federation persistence if NameID Format is unspecified:)
idp: OpenAM-12.0.0, sp: redmine SAML ominiauth
So what I miss here, I don't get it.
I got a solution by exploring the stuff at OpenAM side. There is no issue with SAML plugin. It is OpenAM which cached SAML assertion attributes so every time it takes old assertion with SAML response. To resolve issue need to follow below steps in OpenAM:
1) Select Federation-Select SP (from entity provider list)-Assertion content
-Check "Disable Federation persistence if NameID Format is unspecified:"
2) If above case won't work then follow this process:
-Select configuration-Servers and Sites-Default Server Settings:
-Add following properties:
-com.sun.identity.idm.cache.entry.expire.enabled=true
-com.sun.identity.idm.cache.entry.user.expire.time=10
-com.sun.identity.idm.cache.entry.default.expire.time=10