After authenticating to our IDP, instead of logging in, we receive a SamlException: No Valid subject assertion found in response in our browser, when the Maximum Authentication LIfetime is set to anything greater then 24 days (2073600 seconds).

As soon as I set this to 24 days or smaller then Jenkins does not crash and everything works fine, until our users experiences the crash because the MAL has exceeded our IDP session timeout.

Our IDP session timeout is 30 days.

The SAML Plugin documentation says to set the Maximum Authentication Lifetime to greater then your IDP session timeout. We try and set it to 31 days or 2678400 seconds but that fails and we get an 'angry Jenkins face' and the output in the jenkins-saml-stack-trace-browser-message file.