724: Disable expired SAML authentications

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=724

dariahsp-sample/src/main/resources/dariahsp.yml

 auth:
+  
   local: 
     users:  
       - username: 'admin'
@@ -29,6 +30,7 @@ auth:
       #requireLogoutRequestSigned: false
       #requireLogoutResponseSigned: false
       #requireAttributeQuerySigned: true
+      maxAuthAge: -1 # in seconds
       signMetadata    : true
       #signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
       discovery:

dariahsp-sample/src/main/resources/spring/security/security-context-saml.xml

@@ -34,7 +34,7 @@
     <!-- Handler deciding where to redirect user after failed login -->
     <bean id="failureRedirectHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
         <property name="useForward" value="true"/>
-        <property name="defaultFailureUrl" value="/error.jsp"/>
+        <property name="defaultFailureUrl" value="/errors"/>
     </bean>
 
     <security:authentication-manager alias="authenticationManager">
@@ -289,10 +289,14 @@
     </bean>
 
     <!-- SAML 2.0 WebSSO Assertion Consumer -->
-    <bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl"/>
+    <bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl">
+    	<property name="maxAuthenticationAge" value="${auth.maxAuthAge:7200}" />
+    </bean>
 
     <!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
-    <bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
+    <bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl">
+    	<property name="maxAuthenticationAge" value="${auth.maxAuthAge:7200}" />
+    </bean>
 
     <!-- SAML 2.0 Web SSO profile -->
     <bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl"/>