cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Commented) (JIRA)" <>
Subject [jira] [Commented] (CXF-3931) STS SAMLTokenValidator doesn't validate condition
Date Thu, 24 Nov 2011 16:13:41 GMT


Colm O hEigeartaigh commented on CXF-3931:

Hi Oli,

Looks good apart from the change to DefaultConditionsProvider - the change means that the
STS will issue tokens by default with the conditions requested by the client...potentially
a security concern. Maybe we could make this behaviour pluggable or something.

> STS SAMLTokenValidator doesn't validate condition
> -------------------------------------------------
>                 Key: CXF-3931
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 2.5
>            Reporter: Oliver Wulff
>         Attachments: diff.txt
> The SAMLTokenValidator doesn't verify whether the condition in the SAML token meets the
current time.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message