How much time is SAML assertion valid, after I got a successful response to my callback url?
My use case: I want to be able to send requests to a 3rd party web sever from my web server, and I would like to authenticate my user using this SAML assertion. That's why I ask about its expiration time.
The assertion should have a NotBefore and NotAfter to give you the validity period. if it does not your application should enforce a maximum time range