From 07e6d8daf3082ab51b3624afb03b2a3f6da9c44f Mon Sep 17 00:00:00 2001
From: Michal Hajas <mhajas@redhat.com>
Date: Thu, 11 Jul 2019 12:43:19 +0200
Subject: [PATCH] KEYCLOAK-10776 Add info about session length in
 authnStatement to docs

---
 server_admin/topics/clients/client-saml.adoc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server_admin/topics/clients/client-saml.adoc b/server_admin/topics/clients/client-saml.adoc
index 5cdc11c6c5..5b4d7239a0 100644
--- a/server_admin/topics/clients/client-saml.adoc
+++ b/server_admin/topics/clients/client-saml.adoc
@@ -50,8 +50,9 @@ Consent Required::
   If you've ever done a social login to Google, you'll often see a similar page.  {project_name} provides the same functionality.
 
 Include AuthnStatement::
-  SAML login responses may specify the authentication method used (password, etc.) as well as a timestamp of the login.
-  Setting this to on will include that statement in the response document. 
+  SAML login responses may specify the authentication method used (password, etc.) as well as timestamps of the login and the session expiration.
+  This is enabled by default, which means that `AuthStatement` element will be included in login responses. Note that setting this to off
+  would prevent the client from determining the maximum session length which could result into never expiring client session.
 
 Sign Documents::
   When turned on, {project_name} will sign the document using the realm's private key.