cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (JIRA)" <>
Subject [jira] [Commented] (FEDIZ-48) Support wfresh properly in the IdP
Date Fri, 25 Jan 2013 15:33:13 GMT


Oliver Wulff commented on FEDIZ-48:

As per my understanding, there is no relation between wfresh and the lifetime element in the
RST. The wfresh parameter can only ensure that the original authentication is not too long
ago. If it is 5 then it means that the IDP token must not have been issued longer ago than
5 minutes. If it's 0, the browser user must re-authenticate himself. The wfresh value must
be checked against the Created element in the cached IDP token. You should still be able to
configure how long an IDP token is valid by default.

I proposed in dev mailing list, that some application specific configuration is required.
You should be able to configure the lifetime as well per application but this is for the RP
token whereas wfresh relates to the IDP (authentication) token.

> Support wfresh properly in the IdP
> ----------------------------------
>                 Key: FEDIZ-48
>                 URL:
>             Project: CXF-Fediz
>          Issue Type: Improvement
>    Affects Versions: 1.0.2
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.1.0, 1.0.3
> This task is to properly support wfresh in the IdP. Currently, we only support "wfresh"
in the context of forcing a re-authentication if it's equal to "0". We should also use it
to specify the Lifetime when requesting a token from the STS.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message