cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ethan Wallwork (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-5278) STS Renew returns incorrect lifetime
Date Thu, 12 Sep 2013 19:39:55 GMT

     [ https://issues.apache.org/jira/browse/CXF-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ethan Wallwork updated CXF-5278:
--------------------------------

    Issue Type: Bug  (was: Improvement)
    
> STS Renew returns incorrect lifetime
> ------------------------------------
>
>                 Key: CXF-5278
>                 URL: https://issues.apache.org/jira/browse/CXF-5278
>             Project: CXF
>          Issue Type: Bug
>          Components: STS
>    Affects Versions: 2.7.6
>            Reporter: Ethan Wallwork
>
> SAMLTokenRenewer#renewToken sets the lifetime attribute of the TokenRenwerResponse to
the difference between the NotBefore and NotOnOrAfter attributes of the SAML assertion conditions.
 Later the TokenRenewOperation#createREsponse method creates a Lifetime using the current
timestamp as the Created value and the current timestamp plus the previously calculated difference
as the Expires.
> In cases where the NotBefore of the SAML assertion conditions is not the current time
this results in an incorrect lifetime in the response from the renew operation.  For example,
if the NotBefore is a few minutes in the past to work around systems with clock differences
then the lifetime in the response will claim the token expires a few minutes before it actually
does.  
> This seems to cause issues with caching of tokens on the client side (STSClient) as the
token will be cached for a period shorter than it should be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message