diff --git a/saml-core/src/main/java/org/keycloak/saml/SAML2LoginResponseBuilder.java b/saml-core/src/main/java/org/keycloak/saml/SAML2LoginResponseBuilder.java
index 6be861e392..31e6cbf955 100755
--- a/saml-core/src/main/java/org/keycloak/saml/SAML2LoginResponseBuilder.java
+++ b/saml-core/src/main/java/org/keycloak/saml/SAML2LoginResponseBuilder.java
@@ -213,13 +213,13 @@ public class SAML2LoginResponseBuilder implements SamlProtocolExtensionsAwareBui
         //Update Conditions NotOnOrAfter
         if(assertionExpiration > 0) {
             ConditionsType conditions = assertion.getConditions();
-            conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000));
+            conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000L));
         }
 
         //Update SubjectConfirmationData NotOnOrAfter
         if(subjectExpiration > 0) {
             SubjectConfirmationDataType subjectConfirmationData = assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData();
-            subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), subjectExpiration * 1000));
+            subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), subjectExpiration * 1000L));
         }
 
         // Create an AuthnStatementType
@@ -232,7 +232,7 @@ public class SAML2LoginResponseBuilder implements SamlProtocolExtensionsAwareBui
                     authContextRef);
 
             if (sessionExpiration > 0)
-                authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000));
+                authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000L));
 
             if (sessionIndex != null) authnStatement.setSessionIndex(sessionIndex);
             else authnStatement.setSessionIndex(assertion.getID());
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/SessionNotOnOrAfterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/SessionNotOnOrAfterTest.java
index 4474c5d14a..b21f407755 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/SessionNotOnOrAfterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/SessionNotOnOrAfterTest.java
@@ -56,14 +56,14 @@ public class SessionNotOnOrAfterTest extends AbstractSamlTest {
 
         assertThat(authType, notNullValue());
         assertThat(authType.getSessionNotOnOrAfter(), notNullValue());
-        assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespan * 1000)));
+        assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespan * 1000L)));
 
         // Conditions
         Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
         Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
         ConditionsType condition = resp.getAssertions().get(0).getAssertion().getConditions();
 
-        Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessCodeLifespan * 1000), condition.getNotOnOrAfter());
+        Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessCodeLifespan * 1000L), condition.getNotOnOrAfter());
 
         // SubjectConfirmation (confirmationData has no NotBefore, using the previous one because it's the same)
         Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject());
@@ -77,7 +77,7 @@ public class SessionNotOnOrAfterTest extends AbstractSamlTest {
                 .orElse(null);
 
         Assert.assertNotNull(confirmationData);
-        Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessTokenLifespan * 1000), confirmationData.getNotOnOrAfter());
+        Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessTokenLifespan * 1000L), confirmationData.getNotOnOrAfter());
 
         return null;
     }
@@ -101,6 +101,25 @@ public class SessionNotOnOrAfterTest extends AbstractSamlTest {
         }
     }
 
+    @Test
+    public void testMaxValuesForAllTimeouts() throws Exception {
+        try(AutoCloseable c = new RealmAttributeUpdater(adminClient.realm(REALM_NAME))
+                .updateWith(r -> {
+                    r.setSsoSessionMaxLifespan(Integer.MAX_VALUE);
+                    r.setAccessCodeLifespan(Integer.MAX_VALUE);
+                    r.setAccessTokenLifespan(Integer.MAX_VALUE);
+                })
+                .update()) {
+            new SamlClientBuilder()
+                    .idpInitiatedLogin(getAuthServerSamlEndpoint(REALM_NAME), "sales-post").build()
+                    .login().user(bburkeUser).build()
+                    .processSamlResponse(SamlClient.Binding.POST)
+                    .transformObject(r -> checkSessionNotOnOrAfter(r, Integer.MAX_VALUE, Integer.MAX_VALUE, Integer.MAX_VALUE))
+                    .build()
+                    .execute();
+        }
+    }
+
     @Test
     public void testSamlResponseContainsSessionNotOnOrAfterAuthnLogin() throws Exception {
         try(AutoCloseable c = new RealmAttributeUpdater(adminClient.realm(REALM_NAME))