Saml spec allows for a SessionNotOnOrAfter attribute inside the AuthnStatement and I see some getters/setters for that attribute in AuthnStatementType.java, but it doesn't look like it gets invoked anywhere, so we can't actually use it.

Were there any plans to give us a way to specify a value for this attribute, or just set it to the length of sso session max? I had some clients asking about it.

Jared