Date: Fri, 25 Jan 2013 15:33:13 +0000 (UTC)
From: "Oliver Wulff (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Commented] (FEDIZ-48) Support wfresh properly in the IdP

[ https://issues.apache.org/jira/browse/FEDIZ-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13562776#comment-13562776 ]

Oliver Wulff commented on FEDIZ-48:
-----------------------------------

As per my understanding, there is no relation between wfresh and the lifetime element in the RST. The wfresh parameter can only ensure that the original authentication is not too long ago. If it is 5 then it means that the IDP token must not have been issued longer ago than 5 minutes. If it's 0, the browser user must re-authenticate himself. The wfresh value must be checked against the Created element in the cached IDP token.

You should still be able to configure how long an IDP token is valid by default. I proposed on the dev mailing list that some application-specific configuration is required. You should be able to configure the lifetime per application as well, but this is for the RP token, whereas wfresh relates to the IDP (authentication) token.

WDYT?

> Support wfresh properly in the IdP
> ----------------------------------
>
> Key: FEDIZ-48
> URL: https://issues.apache.org/jira/browse/FEDIZ-48
> Project: CXF-Fediz
> Issue Type: Improvement
> Affects Versions: 1.0.2
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0, 1.0.3
>
>
> This task is to properly support wfresh in the IdP. Currently, we only support "wfresh" in the context of forcing a re-authentication if it's equal to "0". We should also use it to specify the Lifetime when requesting a token from the STS.
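
The freshness rule described in the comment above, as an added example that is not part of the original message or of the Fediz code base: `wfresh` (minutes) is compared with the Created time of the cached IDP token. The class and method names are hypothetical, and failing closed on a malformed value or an unusable Created time is an assumption.

```java
import java.time.Duration;
import java.time.Instant;

// Hypothetical helper, not a Fediz class.
public class WfreshCheck {

    /**
     * Decides whether the browser user must re-authenticate.
     *
     * @param wfresh  raw wfresh request parameter (minutes), null if the RP sent none
     * @param created Created time of the cached IDP (authentication) token
     * @param now     current time at the IdP
     */
    static boolean mustReauthenticate(String wfresh, Instant created, Instant now) {
        if (wfresh == null || wfresh.trim().isEmpty()) {
            return false; // no freshness requirement in this request
        }
        int minutes;
        try {
            minutes = Integer.parseInt(wfresh.trim());
        } catch (NumberFormatException e) {
            return true; // assumption: an unparsable value fails closed
        }
        if (minutes <= 0) {
            return true; // 0 forces re-authentication; negative fails closed (assumption)
        }
        if (created == null || created.isAfter(now)) {
            return true; // assumption: missing or future Created time fails closed
        }
        // The IDP token must not have been issued longer ago than wfresh minutes.
        Duration age = Duration.between(created, now);
        return age.compareTo(Duration.ofMinutes(minutes)) > 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real session.
        Instant now = Instant.parse("2013-01-25T15:33:13Z");
        Instant fourMinAgo = now.minus(Duration.ofMinutes(4));
        Instant sixMinAgo = now.minus(Duration.ofMinutes(6));

        System.out.println("wfresh=5, token 4 min old: " + mustReauthenticate("5", fourMinAgo, now));
        System.out.println("wfresh=5, token 6 min old: " + mustReauthenticate("5", sixMinAgo, now));
        System.out.println("wfresh=0, token 4 min old: " + mustReauthenticate("0", fourMinAgo, now));
        System.out.println("no wfresh, token 6 min old: " + mustReauthenticate(null, sixMinAgo, now));
        System.out.println("wfresh=abc: " + mustReauthenticate("abc", fourMinAgo, now));
    }
}
```

The check uses only the authentication token's Created time; the lifetime of the RP token is a separate, per-application setting and is not consulted here.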