Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cxf.apache.org
Received-SPF: softfail (nike.apache.org: transitioning domain of
 frankmisa@hotmail.com does not designate 216.139.236.26 as permitted sender)
Date: Mon, 7 Jul 2014 15:53:17 -0700 (PDT)
From: Frank Misa <frankmisa@hotmail.com>
To: dev@cxf.apache.org
Message-ID: <1404773597139-5746139.post@n5.nabble.com>
Subject: CXF SecureConversationTest - Fails to renew SCT, no examples or
 tests.
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,
I'm struggling to get a client to renew SCT in a (SAML1.1 + SCT) scenario.
Very little documentation or test examples on this.

Using the current CXF trunk codebase - I've modified some tests to
delay/expire security token between calls.

This test seems to work - but I'm unclear - by the comment: 
>> The service endpoint must contact the STS to validate the received SCT
org.apache.cxf.systest.sts.secure_conv.SecureConversationTest

This test, however, fails - in a very similar fashion - to my more
complicated (SAML1.1 + SCT) case:
org.apache.cxf.systest.wssec.examples.secconv.SecureConversationTest

I've modified the test:
    @org.junit.Test
    public void testSecureConversation() throws Exception {
...
        samlPort.doubleIt(25);
        
        delay(5); //delay 5 minutes
        
        samlPort.doubleIt(50);   
...
}

Seems SCT are not being renewed correctly ?

Question:
* Shouldn't the above test - renew SCT if tokens expired between calls ?
* Are there any tests or documentation on SCT renewal  in a (SAML1.1 + SCT)
scenario ?

Hope to hear from someone.

Thanks
Frank


--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-SecureConversationTest-Fails-to-renew-SCT-no-examples-or-tests-tp5746139.html
Sent from the cxf-dev mailing list archive at Nabble.com.