AuthenticationTicket.ExpiresUtc not respecting NotOnOrAfter

We are using ComponentSpace SAML as authentication middleware in a .NET Core application. However, we are not able to set the AuthenticationTicket.ExpiresUtc to the NotOnOrAfter SAML attribute. There is a feature in the OIDC middleware in ASP.NET Core, ‘OpenIdConnectOptions.UseTokenLifetime’, which can be used to respect the issued token lifetime. Is there any mechanism to do this in ComponentSpace, or how should this be implemented as best practice?

We don’t support this in our middleware. The SAML assertion validity period (NotBefore to NotOnOrAfter) usually is only a few minutes. The intention is that the SAML assertion is used to create a local authentication session whose expiry time usually is longer or sliding. The SAML assertion is short lived. The authentication session created from the SAML assertion normally is longer.

May I ask why you want to set the AuthenticationTicket.ExpiresUtc to NotOnOrAfter?
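
The distinction drawn in the reply above, as an added example that is not ComponentSpace code and is not part of the original thread: the Conditions window decides only whether the assertion may be accepted when it arrives, while the session expiry comes from local policy. The assertion fragment, the helper names, the one-minute clock skew and the eight-hour session length are all constructed assumptions.

```csharp
using System;
using System.Xml;
using System.Xml.Linq;

static class AssertionLifetimeDemo
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Reads the Conditions validity window from an assertion element.
    public static (DateTime NotBefore, DateTime NotOnOrAfter) ReadWindow(XElement assertion)
    {
        XElement conditions = assertion.Element(Saml + "Conditions")
            ?? throw new InvalidOperationException("Assertion has no Conditions element.");
        return (ParseUtc(conditions, "NotBefore"), ParseUtc(conditions, "NotOnOrAfter"));
    }

    static DateTime ParseUtc(XElement element, string name)
    {
        string value = (string)element.Attribute(name)
            ?? throw new InvalidOperationException($"Missing {name} attribute.");
        return XmlConvert.ToDateTime(value, XmlDateTimeSerializationMode.Utc);
    }

    // The window answers one question: may this assertion be accepted right now?
    public static bool IsAcceptable(DateTime nowUtc, DateTime notBefore,
                                    DateTime notOnOrAfter, TimeSpan skew)
        => nowUtc >= notBefore - skew && nowUtc < notOnOrAfter + skew;

    static void Main()
    {
        // Constructed sample: a five-minute validity window.
        XElement assertion = XElement.Parse(
            "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" +
            "<saml:Conditions NotBefore=\"2024-01-01T12:00:00Z\"" +
            " NotOnOrAfter=\"2024-01-01T12:05:00Z\"/></saml:Assertion>");

        var (notBefore, notOnOrAfter) = ReadWindow(assertion);
        var receivedUtc = new DateTime(2024, 1, 1, 12, 1, 0, DateTimeKind.Utc);

        if (!IsAcceptable(receivedUtc, notBefore, notOnOrAfter, TimeSpan.FromMinutes(1)))
            throw new InvalidOperationException("Assertion is outside its validity window.");

        // Local session policy (assumed value), independent of the assertion window.
        DateTime sessionExpiresUtc = receivedUtc + TimeSpan.FromHours(8);

        Console.WriteLine($"Session from local policy expires: {sessionExpiresUtc:u}");
        Console.WriteLine($"Session tied to NotOnOrAfter would last: {notOnOrAfter - receivedUtc}");
    }
}
```

With this sample, a session tied to NotOnOrAfter would end four minutes after sign-in, which is the short lifetime the reply describes.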